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Configuring Integrated Lights-Out 



iLO comes preconfigured with default factory settings, including a default user 
account and password. If iLO is connected to a network running DNS/DHCP, it 
can be used immediately without changing any settings. 

The majority of the iLO functionality is available in an operating system- 
independent manner. Some advanced features require that operating system 
drivers be installed. For greater security, iLO also can be configured using the 
information in the following sections. 

NOTE: ProLiant BL p-Class servers may also be accessed through the 
iLO Diagnostic Port on the front of the server. 

iLO offers three configuration options: 

• RBSU by pressing the F8 key 

RBSU is the recommended method to initially set up iLO. RBSU is available 
every time the server is booted and can be run remotely using the iLO 
Remote Console. You can use RBSU to configure network parameters, 
directory settings, global settings, and user accounts. RBSU is the required 
method to initially configure iLO network parameters for environments that 
do not use DHCP and DNS/WINS. 

RBSU can be disabled in the Global Settings preferences. This feature 
prevents reconfiguration from the host unless the iLO Security Override 
Switch is set. 

• Browser-based setup 



In This Section 



iLO Configuration Options 

Optimizing Performance for Graphical Remote Console 

Enabling iLO Advanced Functionality 

Installing iLO Device Drivers 
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iLO Configuration Options 
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You can use this method to initially configure an iLO system that uses 
DNS/DHCP to obtain an IP address. You can also use this method to 
reconfigure an iLO that was previously configured. 

You can also use this method to initially configure a ProLiant BL p-Class 
iLO system through the iLO Diagnostic Port. 

• Scripted setup 

You can use this method to initially configure an iLO system that uses 
DNS/DHCP to obtain an IP address. Using this method, the configuration of 
the iLO is sent across the network in a script file using the CPQLOCFG.EXE 
utility. 

iLO RBSU 

NOTE: When configuring iLO for the first time, you must use RBSU to 
setup a non-English keyboard. International keyboards can only be 
configured using RBSU. 

HP recommends using iLO RBSU to initially configure and set up iLO. iLO 
RBSU is designed to assist you with setting up iLO on a network; it is not 
intended for continued administration. 

To run iLO RBSU: 

1 . Restart or power up the server. 

2. Press the F8 key when prompted during POST. The iLO RBSU runs. 

3. If iLO is configured other than the default, enter a valid iLO user ID and 
password with the appropriate iLO privileges (Administer User Accounts, 
Configure iLO Settings). Default account information is located on the iLO 
Default Network Settings tag. If iLO has not been configured to present a 
login challenge to the RBSU, this step is not necessary. 

4. Make and save any necessary changes to the iLO configuration. 

5. Exit iLO RBSU. 

HP recommends using DNS/DHCP with iLO to simplify installation. If 
DNS/DHCP cannot be used, use the following procedure to disable DNS/DHCP 
and to configure the IP address and the subnet mask: 

1 . Restart or power up the server. 
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2. Press the F8 key when prompted during POST. The iLO RBSU runs. 

3. Enter a valid iLO user ID and password with the appropriate iLO privileges 
(Administer User Accounts, Configure iLO Settings). Default account 
information is located on the iLO Default Network Settings tag. 

4. Select Network, DNS/DHCP, press the Enter key, and then select DHCP 
Enable. Press the spacebar to turn off DHCP. Be sure that DHCP Enable is 

set to Off and save the changes. 

5. Select Network, NIC and TCP/IP, press the Enter key, and enter the 
appropriate information in the IP Address, Subnet Mask and Gateway IP 
Address fields. 

6. Save the changes. The iLO system automatically resets to use the new setup 
when you exit iLO RBSU. 

Browser-Based Setup 

Use this method if you are on a network that uses DHCP/DNS to obtain an IP 
address. You can also use this method to reconfigure a previously configured 
iLO. 

1 . Access iLO from a remote network client using a standard Web browser and 
provide the default DNS name, user name, and password on the Network 
Settings tag supplied with the server. The Network Settings tag is usually 
connected to the outside of the server at shipment. 

When you successfully log on to iLO, you can change the default values of 
the network, user, and SNMP alerting settings through the Web browser 
interface. 

2. Enter the activation key in the browser-based setup to enable iLO Advanced 
Pack features. 

If the iLO Advanced Pack features are licensed, you can deploy your 
operating system using the Virtual Floppy Drive and install operating system 
drivers and Insight Manager agents on the remote host server using the 
graphical Remote Console. 

NOTE: For ProLiant BL p-Class servers, Integrated Lights-Out 
Advanced Pack functionality is already enabled and cannot be disabled. 
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Optimizing Performance for Graphical Remote 
Console 

The following is a list of recommended client and server settings based on the 
operating system used. 

Recommended Client Settings 

Ideally, the remote server operating system display resolution should be the same 
resolution, or smaller, than that of the browser computer. Higher server 
resolutions transmit more information, slowing the overall performance. 

Use the following client and browser settings to optimize performance: 

• Display Properties 

- Select an option greater than 256 colors. 

- Select a greater screen resolution than the screen resolution of the remote 
server. 

- Linux X Display Properties — On the X Preferences screen, set the font 
sizes to 12. 

• Remote Console 

- For Remote Console speed, HP recommends using a 700-MHz or faster 
client with 128 MB or more of memory. 

- For the Remote Console Java applet execution, HP recommends using a 
single processor client. 

• Mouse Properties 

- Set the Mouse Pointer speed to the middle setting. 

- Set Mouse Pointer Acceleration to low or disable the pointer 
acceleration. 
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Recommended Server Settings 

The following is a list of recommended server settings based on the operating 
system used. 

NOTE: To display the entire host server screen on the client Remote 
Console applet, set the server display resolution less than or equal to 
that of the client. 

Microsoft® Windows NT® 4.0 and Windows® 2000 Settings 

Use the following settings to optimize performance: 

• Server Display Properties 

- Plain Background (no wallpaper pattern) 

- Display resolution of 800 x 600 or 1024 x 768 pixels 

- 256-color or 24 bit color mode 

• Server Mouse Properties 

- Select None for mouse pointer Scheme. 

- Deselect Enable Pointer Shadow. 

- Select Motion or Pointer Options and set the pointer Speed slider to the 
middle position. 

- Set pointer Acceleration to None. 
Microsoft® Windows Server 2003 Settings 

Use the following settings to optimize performance: 

• Server Display Properties 

- Plain Background (no wallpaper pattern) 

- Display resolution of 800 x 600 or 1024 x 768 pixels 

- 256-color or 24-bit color mode 

• Server Mouse Properties 

- Select None for mouse pointer Scheme. 
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- Select Disable Pointer Trails. 

- Deselect Enable Pointer Shadow. 

- Select Motion or Pointer Options, and set the pointer Speed slider to 
the middle position. 

- Deselect Enhanced Pointer Precision. 
Red Hat Linux and SuSE Linux Server Settings 

Use the following settings to optimize performance: 

• Server Display Properties 

- 1024 x 768 pixels or lower screen resolution 

- 256 colors 

• Server Mouse Properties 

- Set Pointer Acceleration to lx. For KDE, access the Control Center, 
select Peripherals/Mouse, then select the Advanced tab. 

• X Display Properties 

- On the X Preferences screen, set the font sizes to 12. 

Novell NetWare Settings 

Use the following settings to optimize performance: 

Server Display Properties 

• 800 x 600 pixels or lower screen resolution 

• 256 colors 

Enabling iLO Advanced Functionality 

The iLO Advanced functionality is enabled by licensing the optional iLO 
Advanced Pack. The iLO Advanced Pack contains an activation key that you 
must enter into iLO to enable advanced functionality. 
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To enable the iLO advanced functionality: 

1 . Log on to iLO through a supported Web browser. 

2. Click the Administration tab. 

3. Click Licensing to display the iLO Advanced License Activation screen. 
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4. Enter the activation key into the space provided. 

5. Click I Agree. 

The advanced features of iLO are now enabled. 



Installing iLO Device Drivers 



A majority of the iLO functionality is available without any operating system- 
based software or drivers. Two driver interfaces, however, are provided to the 
iLO management processor. 
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• The first interface is for the iLO Advanced System Management Driver. This 
driver is also known as the Health Driver and provides system management 
support, including monitoring of server components, event logging, and 
support for the HP Management Agents. 

• The second interface is for the iLO Management Interface Driver. This driver 
allows system software and SNMP Insight Agents to communicate with the 
iLO. 

The following sections provide instructions for installing iLO drivers for: 

• Microsoft® 

• Novell 

• Linux 

Refer to the HP website ( http ://w w w . hp .com/support ) for the latest versions of 
these drivers. 



Microsoft Windows NT, Windows 2000, and Windows Server 
2003 Driver Support 

The device drivers that support the iLO are part of the PSP that is located on the 
HP website ( http://www.hp.com/support ) or on the SmartStart CD. Before you 
install the Windows® drivers, obtain the Windows® documentation and the 
latest Windows® Service Pack. 

Microsoft® Relevant Files 

The CPQCIDRV.SYS file provides the iLO Management Interface Driver 
support. 

The CPQASM2.SYS, SYSMGMT.SYS, SYSDOWN.SYS files provide the iLO 
Advanced Server Management Controller Driver support. 

Installing or Updating the iLO Microsoft® Drivers 



The PSP for Microsoft® Windows® products includes an installer that analyzes 
system requirements and installs all drivers. 
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The PSP is available on the HP website ( http://www.hp.com/support ) or on the 
Smarts tart CD. 

NOTE: If you are updating the iLO drivers, be sure that the iLO is 
running the latest version of the iLO firmware. The latest version can be 
obtained as a Smart Component from the HP website 
( http://www.hp.com/servers/lights-out ). 

To install the drivers in the PSP, download the PSP from the HP website 
( http://www.hp.com/support ), run the SETUP.EXE file included in the 
download, and follow the installation instructions. For additional information 
about the PSP installation, read the text file included in the PSP download. 

Novell NetWare Server Driver Support 

The device drivers required to support iLO are part of the PSP that is located on 
the SmartStart CD and the HP website ( http://www.hp.com/support ). 

NetWare Relevant File 

The CPQHLTH.NLM file provides the Health Driver for NetWare. 

The CPQCI.NLM file provides the iLO Management Interface Driver support. 

Installing or Updating iLO NetWare Drivers 

The PSP for Novell NetWare includes an installer that analyzes system 
requirements and installs all drivers. The PSP is available on the HP website 
( http://www.hp.com/support ) and on the SmartStart CD. 

NOTE: If you are updating the iLO drivers, be sure that the iLO is 
running the latest version of the iLO firmware. The latest version can be 
obtained as a Smart Component from the HP website 
( http://www.hp.com/servers/lights-out ). 

To install the drivers, download the PSP from the HP website 
( http://www.hp.com/support ) to a NetWare server. After the PSP has been 
downloaded, follow the NetWare component installation instructions to complete 
the installation. For additional information about the PSP installation, read the 
text file included in the PSP download. 



22 



Integrated Lights-Out User Guide 



NOTE: When using NetWare 6.X, a RAGE-IIC video driver is provided 
by the operating system and should be used for best results. 



Red Hat Linux and SuSE Linux Server Driver Support 

The device drivers required to support iLO for Red Hat Linux and SuSE Linux 
are located on the SmartStart CD, Management CD, or on the HP website 
( http://www.hp.com/support ). 

Relevant Files 

You can download the PSP files containing the iLO driver, the foundation 
agents, and health agents from the HP website ( http://www.hp.com/support ). The 
instructions on how to install or update the iLO driver are available on the 
website. The HP Management Agents for Linux are: 

• ASM package 6.20.0 or later (hpasm) which combines the health driver, IML 
viewer, foundation agents, health agent, and standard equipment agent into 
one package. 

• RSM package 6.20.0 or later (hprsm) which combines the RIB driver, rack 
daemon, RIB agent, and rack agent into one package. 

These packages cannot upgrade previous versions of the agents and drivers. 
Remove previous agents before applying the new agents. Uninstall the agents 
and drivers by using the following commands: 



• 


rpm 


-e 


cpqrci 


• 


rpm 


-e 


cmanic 


• 


rpm 


-e 


cmastor 


• 


rpm 


-e 


cmasvr 


• 


rpm 


-e 


cmaf dtn 


• 


rpm 


-e 


cpqhealth 



Download and install the HP Linux Management Agents. An example of the 
package name is hpasm-6. 20.0-1 l.Redhat7_3.i386.rpm 
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Use the following commands to load the packages: 

rpm -ivh hpasm-d. vv. v-pp. Linux version . i38 6 . rpm 
rpm -ivh hprsm-d. vv. v-pp. Linux version . i38 6 . rpm 

where: d is the Linux distribution and version and 
vv.v-pp are version numbers. 

For additional information, refer to the Software and Drivers website 
( http ://w w w .hp . com/support ) . 

If necessary, you can uninstall, stop, or start the iLO by using the following 
commands: 

• Uninstall 

rpm -e cpqci 

• Stop 

/etc/rc . d/init . d/cpqci stop 

• Start 

/etc/rc . d/init . d/cpqrci start 

For additional information, refer to the Software and Drivers website 
( http ://w w w .hp . com/support ) . 
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Supported Server Operating System Software 

iLO is an independent microprocessor running an embedded operating system. 
This architecture ensures that the majority of the iLO functionality is available 
regardless of the host operating system. 

Graceful host operating system shutdown and Insight Manager 7 integration 
require Health Drivers and Management Agents. 

iLO provides interfaces for two drivers: 

• Advanced Server Management Controller Driver 

• iLO Management Interface Driver 

These drivers and agents are available for the following network operating 
systems: 

• Microsoft® 
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- Windows NT® 4.0 Server 

- Windows NT® 4.0, Enterprise Edition 

- Windows® 2000 Server 

- Windows® 2000 Advanced Server 

- Windows® Server 2003 

• Linux 

- Red Hat 7.3 

- Red Hat 8.0 

- Red Hat 9 

- Red Hat Server 2. 1 

- SuSE SLES 7.0 

- SuSE SLES 8.0 

• Novell 

- NetWare 5.x 

- NetWare 6 

Supported Browsers 

• Microsoft® Internet Explorer 

- Minimum: Microsoft® Internet Explorer 5.5 with with Service Pack 2 or 
later for Windows® 2000 or Windows® XP. If using single cursor mode 
in Remote Console, Java™ 1.3.1_02 or greater JVM is required. 

- Recommended: Microsoft® Internet Explorer 6.0 or later and Java™ 
1.4.X JVM for Windows® 2000 or Windows® XP. To download the 
recommended JVM for your system configuration, refer to the HP 
website ( http://www.hp.com/servers/manage/jvm ). 

• Linux 

- Netscape 7.x 
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- Mozilla 1.2.1 

Linux, Netscape and Mozilla require Java™ 1 .4. 1 JVM or later. To 
download the recommended JVM for your system configuration, refer to the 
HP website ( http ://w w w . hp. com/servers/manage/j vm ) . 

Certain browsers and operating system combinations might not work correctly 
depending on their implementations of the required browser technologies. 

Single and Dual Cursor Modes for Graphical Remote 
Console 

The Graphical Remote Console can utilize either a single or dual cursor mode. 

Remote Console (Dual Cursor) 

The Remote Console dual cursor option uses two mouse cursors in the Remote 
Console window to represent the mouse cursor of the remote server and the 
mouse cursor of the local client. The local client cursor is seen as a crosshair in 
the Remote Console window. The dual cursor option is supported with Java™ 
1 . 1 VM and later. If the two cursors drift apart, they can be synchronized and 
brought back together. To synchronize the remote and local cursors: 

1 . Right-click, drag, and move the local crosshair cursor to align with the 
mouse cursor of the remote server. 

2. Holding the Ctrl key, move the local crosshair cursor to align with the 
mouse cursor of the remote server. 

You might prefer the dual cursor option because you can see where the cursor 
exits the Remote Console applet window. HP recommends using the Remote 
Console dual cursor mode with text-based operating systems. 

Remote Console (Single Cursor) 

The Remote Console option presents a single mouse cursor during a Remote 
Console session. Synchronization of two cursors is eliminated, making 
navigation easier in the Remote Console window. 
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Single Cursor mode requires Java™ 1.3. 1_02 JVM or later for Microsoft® 
Internet Explorer, and Java™ 1.4.1 JVM for Netscape and Mozilla. To download 
the recommended JVM for your system configuration, refer to the HP website 
( http://www.hp.com/servers/manage/jvm) . 

NOTE: You will be redirected from the main site to the java.sun.com 
site. HP recommends using the version specified in the Remote 
Console help pages. You can obtain the specified version for Internet 
Explorer either from the java.sun site or on the Management CD. 

Common Usage Model 

The common usage model for iLO is a client PC running a supported browser 
connected over an external network to one or more iLO devices. Through DHCP 
and DNS, iLO is ready to use by plugging in the power of the host server and 
connecting an Ethernet cable to the dedicated iLO management port of the 
server. You can then use your Web browser to connect to iLO over an SSL 
connection. When logged in, you can remotely control the server from your 
client desktop. 

Using a supported Web browser, you can: 

• Remotely access the console of the host server in text mode only. 

• Remotely access the console of the host server in graphical mode with full 
keyboard and mouse controls (if licensed with the iLO Advanced Pack). 

• Remotely power up, power down, or reboot the host server. 

• Remotely boot a host server to a virtual CD or virtual floppy image to 
perform a ROM upgrade or to install an operating system (if licensed with 
the iLO Advanced Pack). 

• Send alerts from iLO regardless of the state of the host server. 

• Access troubleshooting features provided by iLO. 

• Launch a Web browser, use SNMP alerting, and diagnose iLO using Insight 
Manager 7. 

This section describes how to access the iLO features with a supported Web 
browser. All features are fully discussed and descriptions of all iLO 
configuration settings are given. 
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Graphical Remote Console and Virtual Media are advanced functions that must 
be enabled by licensing the optional iLO Advanced Pack. Advanced features are 
described and annotated. 

Connection Overview 

The servers in the following examples are equipped with two ports: a 
10/100/1000-Mbps NIC and a 10/100-Mbps iLO port. The two general scenarios 
are to either connect both ports on a corporate network or to connect the iLO port 
to a separate iLO network. The following is a discussion of the benefits and 
drawbacks of using each scenario. 

Corporate Network Connection 

The server has two ports that can be connected to a corporate network. This 
connection allows access to iLO from anywhere on the network. On a corporate 
network, however, network traffic can hinder iLO performance. 

This configuration reduces the amount of networking hardware and infrastructure 
required to support iLO. Configured in this manner, iLO can use existing 
DNS/DHCP servers and routers. 



Main NIC 

I 1 Client PCs 




Management Client 
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Integrated Lights-Out Network Connection 

Integrated Lights-Out can be on a separate dedicated management network. A 
separate network allows for a performance benefit, but iLO cannot be accessed 
directly from the corporate network under this configuration. 

A dedicated management network can also be used to increase the security of the 
iLO port. A separate network enables you to physically control which 
workstations are connected to management network. 



Client PCs 




Management Client 



Operational Overview 

• Virtual text Remote Console 

The standard iLO provides embedded hardware Remote Console capabilities 
on a text mode screen. The operating system-independent console supports 
text modes that display remote host server activities, such as shutdown and 
startup operations. 

• Virtual graphical Remote Console (if licensed with the iLO Advanced Pack) 
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iLO provides embedded hardware graphical Remote Console capabilities that 
turn a supported browser into a virtual desktop, giving the user full control 
over the display, keyboard, and mouse of the host server. The operating 
system-independent console supports graphic modes that display remote host 
server activities, such as shutdown and startup operations. 

• Power Cycle (Reset) 

If the remote host server is not responding, this feature enables an 
administrator to initiate a cold or warm reboot to bring the server back 
online. 

• Virtual Media (if licensed with the iLO Advanced Pack) 

With the Virtual Floppy Drive or Virtual CD Drive, an administrator can 
direct a remote host server to boot and use standard media from anywhere on 
the network, thus saving time and increasing efficiency by eliminating the 
need to visit a remote server to insert and use a diskette. Administrators can 
carry out any of the following functions remotely: 

- Applying ROMPaq upgrades to remote servers 

- Deploying an operating system on remote servers from the Virtual CD 
Drive, network drives, or by using the SmartStart Scripting Toolkit 

• Virtual Power Button 

With a supported browser interface, iLO can be used to remotely operate the 
power button of a host server. 

• Virtual Serial Port — Provides a Java™ applet that allows connection to the 
server serial port. The Java™ applet provides VT320 terminal emulation to 
access an application configured for the serial port. The Virtual Serial Port 
can be used for Windows® Server 2003 EMS. 

• Directory Services support (if licensed with iLO Advanced Pack) — Enables 
login to iLO using Active Directory or eDirectory accounts. Snap-ins to 
MMC and ConsoleOne centralize and simply the management of 
authentication and authorization to Lights-Out Management devices. 

• Remote Firmware Update 

This feature enables you to keep iLO current with the latest firmware 
available from HP. Updates to the ROM code on iLO are accomplished 
through the browser interface. 



32 



Integrated Lights-Out User Guide 



• Integration with Insight Manager 7 

Insight Manager 7 provides full integration with iLO. This integration 
includes: 

- Support for SNMP trap delivery to an Insight Manager 7 console 

- Support for SNMP management 

Insight Manager 7 is allowed to access the Insight Management Agents 
information through iLO. 

- Support for a management processor 

Insight Manager 7 adds support for a new device type, the management 
processor. All iLO devices installed in servers on the network are 
discovered in Insight Manager 7 as management processors. The 
management processors are associated with the servers in which they are 
installed. 

- Grouping of iLO management processors 

All iLO devices can be grouped together logically and displayed on 
one page. This capability provides access to iLO from one point in 
Insight Manager 7. 

- iLO hyperlinks 

Insight Manager 7 provides a hyperlink on the server device page to 
launch and connect to iLO. 

- HP Management Agents 

iLO, combined with HP Management Agents, provides remote access to 
system management information through the iLO Web browser interface. 

- ProLiant BL p-Class Support 

- iLO provides ProLiant BL p-Class rack information to allow Insight 
Manager 7 to draw a graphical representation of the rack. 

• Integration with RILOE II option boards 

The RILOE II board is supported as an option in servers with iLO. Previous 
generations of the Remote Insight boards, such as the Remote Insight 
board/PCI and the original RILOE board, are not supported in servers with 
iLO. 
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Integrated Lights-Out firmware version 1.10 or higher will detect the 
presence of the RILOE II and automatically disable the iLO functionality. 
Additionally, iLO firmware version 1.10 and higher will detect the presence 
of the original RILOE and display an invalid configuration message. 

To re-enable the iLO functionality after a RILOE II is removed, the Security 
Override Switch and the F8 ROM-Based Setup Utility for iLO must be used. 
Select Settings and then select Enabled for the "Lights-Out Functionality" 
setting. 

• Dedicated LAN network connectivity 

A 10/100- Mbps Ethernet chip on iLO provides administrators with a 
dedicated network connection. iLO provides in-band SNMP notification of 
server problems on a real-time basis without separate telephone connections 
or modem sharing devices. The NIC can auto-select speeds between 10 Mbps 
and 100 Mbps. 

• Scripted configuration of iLO 

All settings of iLO, including user settings, network settings, global settings, 
and SNMP/Insight Manager settings, can be configured through script files. 
Scripting can be launched from a Windows® client or, integrated with the 
SmartStart Scripting Toolkit, the ProLiant Essentials Rapid Deployment 
Pack, or Insight Manager 7. 

• Dial-up support 

iLO is available through dial-up access when using a modem router or 
external RAS connection to log on to the network. 

• VPN support 

iLO functionality is available around the world when used in conjunction 
with VPN technology. 

• SNMP alerts from iLO to a management console 

Using a management console, you can access certain server alerts, such as 
SNMP alerts and unauthorized access alerts. 

• User administration and security 
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iLO supports up to 12 users with customizable access rights, login names and 
advanced password encryption. Individual user's abilities are controlled by 
privileges. Each user may have privileges custom-tailored to their access 
requirements. 

To support more than 12 users, iLO Advanced 1.40 and later allows 
integration with directory-based user accounts. This enables virtually 
unlimited user accounts. 

iLO provides secure password encryption, tracking all login attempts and 
maintaining a record of all login failures. When login attempts fail, iLO also 
generates alerts and sends them to a remote management console. iLO also 
provides the following security features: 

- User defined TCP/IP ports 

- User actions logged in the iLO Event Log 

- Progressive delays for failed login attempts 

• 128-bit encryption of Web pages and Remote Console data 

iLO provides strong security for remote management in distributed IT 
environments by using industry-standard SSL encryption of HTTP data 
transmitted across the network. SSL encryption (up to 128-bit) ensures that 
the HTTP information is secure as it travels across the network. 

SSL is a network protocol layer, located directly under the application layer, 
with responsibility for the management of a secure (encrypted) 
communication channel between the client and server. 

Remote Console data is protected using 128-bit RC4 bi-directional 
encryption. 

• Auto configuration of IP address using DNS/DHCP 

iLO provides automatic network configuration. iLO comes with a default 
name and DHCP client that leases an IP address from the DHCP server on 
the network. For systems that do not use DNS/DHCP, iLO allows static IP 
configuration. 

The default user name, password, and DNS name are: 
User name: Administrator 

Password: A random, eight-character, alphanumeric string 
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DNS name: ILOXXXXXXXXXXXX where the 12 Xs represent the serial 
number of the server in which the iLO processor is located. The DNS name 
of iLO is configurable by the user. 

NOTE: User names and passwords are case sensitive. 



iLO manages the IML of the server, which can be accessed by using a 
supported browser, even when the server is not operational. This capability 
can be helpful when troubleshooting remote host server problems. 

• RBSU F8 

This versatile, system-independent RBSU enables fast and easy setup of iLO. 

• Single mouse cursor mode 

Single Cursor mode requires Java™ 1.3.1_02 JVM or later for Microsoft® 
Internet Explorer, and Java™ 1.4.1 JVM for Netscape and Mozilla. To 
download the recommended JVM for your system configuration, refer to the 
HP website ( http ://w w w . hp. com/servers/manage/j vm ) . 

NOTE: You will be redirected from the main site to the java.sun.com 
site. HP recommends using the version specified in the Remote 
Console help pages. You can obtain the specified version for Internet 
Explorer either from the java.sun site or on the Management CD. 

• HP ProLiant BL p-Class 

This setting enables you to manage the Rack, Enclosure, and Bay names for 
easier identification, as well as control power source options and rack alert 
options. Diagnostic information for the server blade management module and 
the power management module are also available. This tab is displayed only 
if you are using a supported ProLiant BL p-Class server. 



iLO is configured with a default user name, password, and DNS name. A 
network settings tag with the preconfigured values is attached to the server 
containing the iLO management processor. Use these values to access iLO 
remotely from a network client using a standard Web browser. 



IML 



Accessing 



iLO for the First Time 
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IMPORTANT: For security reasons, HP recommends changing the 
default settings after accessing iLO for the first time. 

The default values are: 

• User name: Administrator 

• Password: A random, eight-character, alphanumeric string 

• DNS name: ILOXXXXXXXXXXXX, where the 12 Xs represent the serial 
number of the server 

NOTE: User names and passwords are case sensitive. 
To access iLO for the first time: 

1 . Enter the iLO IP address or DNS name in the address bar of the Web 
browser. 

NOTE: This procedure assumes that your network supports 
DNS/DHCP. If not, you must configure the IP address using the RBSU 
or, for ProLiant BL p-Class servers, through the iLO Diagnostic Port. 

2. When connecting to iLO in a browser for the first time, you will receive a 
security alert, as shown. 



Spr..,rif„Alprf )X 




Irfcrnnaflion you exchange wilh this site cannot be viewed or 
changed by atheis. However, Iheie is a piotrem wih the site's 
certificate. 



■ j\ The security cerlilicale war? issued by a company you hawe 
rid chosen ta tiusl. View Ihe ceililicate to dstsmihe whelhEr 
*0U warU to Irutt (he tertifjirts **oiiljf. 

^ T he seculty ceHilicare dale is 

Q Ths secmity CBrlilicate has a valid rare matchhg fre name 
of Ihe page you are dying to view. 

Do you waul to proceed? 



| frs 1 | Mo 1 | View Cerfale] 



3. 



This alert is displayed because the default SSL certificate that is dynamically 
generated by iLO is not known to the browser. You can view and install the 
certificate or click Yes every time you want to access iLO. 
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NOTE: Refer to the "Certificates (on page 97)" section to import a 
certificate signed by a CA. 

4. If you click Yes, the browser continues to the login screen of iLO. The alert 
message displays each time that you access the iLO management processor 
in a browser. 

5. If you click No, you are returned to the Welcome screen of iLO. 

6. If you click View Certificate, a popup window displays the certificate 
information, as shown. Installing the default certificate onto the browser 
prevents the security alert message from being displayed in the future. 

7. To install the certificate, proceed to step 8. If you choose not to install the 
certificate, proceed to step 9. 



General | UtHitk j CAtfcafari Path | 



_ 



r.r:rfific,ili' Inlrnm.Llirin 



I hit CA Fool ccilificale n mot trujlcd. To enable 
Iruifl, Hiilal (hix cedilicatc into (he Tiuiked Final 
Certification Authorises sldie. 



Usucdlo: toi 
If sued by: 

V.ilidlHHii 5/1 SflW lo VI 3/20 



jrsHsl CotAoalft ! 



OK 



NOTE: If the certificate is removed from your browser, if you have 
upgraded the firmware, or if iLO is rebooted, the security alert message 
will be displayed again. 



8. Install the default certificate to your browser: 
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a. Click Install Certificate. The Certificate Import Wizard starts. 

b. Click Next. 

c. Click Next for the browser to automatically select the certificate store 
when the Certificate Store window is displayed. 

d. Click Finish when the Completing the Certificate Import Wizard 

window is displayed. 

e. Click Yes to confirm the installation of the default certificate when the 
confirmation window is displayed. 

f. Click OK to acknowledge that the certificate import was successful. 

g. Click OK in the Certificate window to return to the Security Alert 

window. 

h. Click Yes in the Security Alert window to log in. 

9. When the browser completes the SSL connection to iLO, the Account Login 
screen prompts you for a user name and password. Use the default user name 
and password from the Network Settings tag and click Log In. 




jWTiEcinsiKjfu-avr 
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10. After the default user name and password have been verified, the Status 
Summary screen is displayed. 



iLO 
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Status Summary 
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NOTE: The BL p-Class is not illustrated in this and subsequent screen 
shots. 

The iLO Status Summary provides general information about iLO, such as the 
user currently logged on, server name and status, iLO IP address and name, and 
latest log entry data. The Status Summary screen also shows whether iLO has 
been configured to use HP Web-Based Management and Insight Management 
Web agents. 



Progressive Delays for Failed Browser Login Attempts 

After an initial failed login attempt, iLO imposes a delay of five seconds. After a 
second failed attempt, iLO imposes a delay of 10 seconds. After the third failed 
attempt, iLO imposes a delay of 60 seconds. All subsequent failed login attempts 
cycle through these values. An information page is displayed during each delay. 
This scenario continues until a valid login is completed. 

This feature assists in defending against possible dictionary attacks against the 
browser login port. 
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Help 



Assistance for all iLO options is available by means of the iLO Help option. 
These links provide summary information about the features of iLO and helpful 
information for optimizing its operation. To access page-specific help, click the ? 
on the right side of the browser window. 



The following options are available within the System Status tab and, enable 
you to see general and detailed server status information, view event and 
management log data, and view diagnostic data. 



The Status Summary screen provides general information about iLO, such as 
the current user, server name and status, iLO IP address and name, and latest log 
entry data. 



The iLO Status option provides comprehensive iLO status information, 
including: 

• The current user 

• The status and availability of the Remote Console 

• The date and time currently in use by iLO 

• The revision information of the iLO firmware 



System 



Status 



Status Summary 



iLO Status 
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The product version (iLO Standard or iLO Advanced) of iLO 



iLO 
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Server Status 

The Server Status option provides comprehensive status information about the 
server, including: 

• Server name associated with the iLO management processor 

NOTE: The Server Name field reports host is unnamed if the HP 
Management Agents are not loaded on the host server. 

• Server power status 

• Server video mode 
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Server keyboard and mouse type 



iLO 



Server Name: HP-PKKJFORBWFDG 

iLO Nome: ILOD23«iJ*4O00S 
Cum:nt User: Administrator 



P e mote Console 


Virtual Devices 1 
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Server Status 



EHranaaiEiEn 

9 



Server information 



Server Nome: HP-PKyjFORBWFDG 

Server ID: D23*J'MOaa2 

Server Power Status; OH 

Server video Mode: Graphics 

Server Keyboard: l(J2-key OompatiblB 

Server Mouse: PS2 



System Status 
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iLO Event Log 

The iLO Event Log is an operating system-independent log that maintains a 
record of events by date and time. Logged events include major server events, 
such as a server power outage or a server reset, and iLO events, such as an 
unauthorized login attempt. 

Other events logged include any successful or unsuccessful browser and Remote 
Console logins, virtual power and power cycle events, and clear event log 
actions. Some configuration changes, such as creating or deleting a user, are also 
logged. 

Clicking Clear Event Log clears the iLO event log of all previously logged 
information. Click OK to confirm that you want to clear the event log. A line 
indicating that the log has been cleared is logged. 

NOTE: Events logged by higher versions of iLO firmware may not be 
supported by lower version firmware. If an event is logged by an 
unsupported firmware, the event will be listed as unknown event 
type . You may clear the event log to eliminate these entries, or 
update firmware to the latest supported version to resolve this cosmetic 
issue. 



Using Integrated Lights-Out 43 



Integrated Management Log 

The IML enables you to view logged remote server events. Logged events 
include all server-specific events recorded by the system health driver, including 
operating system information and ROM-based POST codes. For more 
information, refer to the server guide. 

Clicking Clear Event Log clears the IML event log of all previously logged 
information. Click OK to confirm that you want to clear the event log. A line 
indicating that the log has been cleared is logged. 

Server and iLO Diagnostics 

The Server and iLO Diagnostics option provides comprehensive diagnostic 
information, as described in the following sections. 

NOTE: When connected through the Diagnostics Port, the directory 
server is not available. You can log in using a Local account only. 

POST Diagnostic Results for the Host Server 

As an integrated management processor, iLO monitors the progress of the boot 
process of the server. The host server ROM writes POST codes as it is booting. 
iLO records and displays these codes. Selected POST codes are considered to be 
milestone codes and will have a description associated with them. You may use 
these milestone codes and descriptions to determine how far the server 
progressed through the boot process. 

The POST codes document the booting process of the ROM bios. A code 
indicates the start of a particular phase of the boot process. The POST code 
results can be used to determine the general phase in which the boot process 
stopped. Use of the POST codes alone is usually not sufficient to diagnose the 
actual root cause of a stopped boot process. The POST codes should be used in 
conjunction with other tools, such as the IML, the local or iLO Remote Console, 
and the Diagnostic utilities to determine the root cause of a stopped boot process. 

The following list includes all of the POST codes and Diagnostic Results for the 
host server tracked by iLO for a routine boot sequence on ProLiant servers. 
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Code 


oTarl OT rnase 


rtU4 


tioM inuia.Mzai.iun 


rtUo 


rOI inlTlcUIZcUlon 


rtUO 


rrocessor iniiiaiizaiion 


rt IU 


video iniiiaiizaiion 


cr-j a 


/~\ l~l /~\ Initial 1 ~ 7 ^ 1 k~\ 

oacne initialization 


rt lo 


1 ICR 1 rtitio ligation 

Uou initialization 


rtlU 


Memory i est 




iviemory initialization 




1 ICR Q+orh irt 

Uod otartup 




rioppy ooniroiier i est 


crop 


upuon nuivi initialization 


rtoU 


m 1 Mr 1 vjpuon nvjivi initialization 


rro/i 

rto4 


□do initialization 


rtoo 


Begin dkjkj i process 


crop 

rtoU 


Attempting oOoi uu tsoot 


rt4U 


Attempting rioppy Boot 




Attomntinn 1— IP) Rnnt 

rtLieriiptuiy nLJ buul 


FE48 


Attempting CD Boot 


FE4C 


Attempting PXE Boot 


FE50 


Passing control to boot sector code 


FE54 


No bootable devices 



NVRAM Environment Variables Listing 

HP uses NVRAM to store server environment variable information. This 
information can be useful to HP engineers and advanced customers who have 
detailed knowledge of HP System Management architecture. 
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Virtual NMI Button 



The Virtual NMI button halts the operating system for debugging purposes. This 
is an advanced feature that should only be used by kernel debuggers. 



iLO Self-Test Results 



The results of the iLO Self-Test are displayed in this section of the Web page. 
All tested subsystems should display Passed under normal situations. 
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POST diagnostic results for the host server 
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Remote Console 

The following is a list of the options available within the Remote Console tab, 
which provides access to different views of the Remote Console and enables you 
to define keystroke sequences that will be transmitted to the remote host server at 
the press of a hot key. Text mode is standard. The Graphical Remote Console can 
be enabled by licensing the iLO Advanced Pack. 
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Remote Console Information Option 

The Remote Console Information option displays information concerning the 
Remote Console options available, as well as a link to download an updated 
Java™ Runtime Environment, which is necessary for using Remote Console with 
the single cursor option ("Single Mouse Pointer in the Remote Console" on page 
48). 

The Remote Console Information option also displays whether the Remote 
Console is in use or is available. Although up to 10 users are allowed to 
simultaneously log in to iLO, only one user at a time can access the Remote 
Console. A warning message is displayed to say the Remote Console is already 
in use. 

NOTE: You can only open either a Telnet session or a Remote 
Console Session at a time, not both simultaneously. An error message 
will generate if both sessions are attempted at the same time. 

NOTE: Remote console will not be available if the remote console port 
configuration on the Global Settings tab is set to disabled. 

Remote Console Option 

The Remote Console option redirects the host server console to the 
network client browser, providing full text (standard) and graphical mode video, 
keyboard, and mouse access to the remote host server (if licensed with the iLO 
Advanced Pack). 

With the Remote Console, you have complete control over a remote host server 
as if you were in front of it. You can access the remote file system and the 
network drives. The Remote Console enables you to change hardware and 
software settings of the remote host server, install applications and drivers, 
change remote server screen resolution, and gracefully shut down the remote 
system. 

With the Remote Console, you can observe POST boot messages as the remote 
host server restarts and initiate ROM-based setup routines to configure the 
hardware of the remote host server. When installing operating systems remotely, 
the graphical Remote Console (if licensed) enables you to view and control the 
host server screen throughout the installation process. 
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For best performance, be sure to configure the host operating system display as 
described in "Optimizing Performance for Graphical Remote Console (on page 
16)." 



fSffl no 



Sr-stt-m ttaius |Hamab» ttiririjlD | vin-j-sl ut di'ii-i | AdininlHi -AUaa 



jliU" 



Remote Console 



■ i . 1 1 . i . jj . 1 1 . i ■ ■ ■ . i . ■ . 1 1 j 
9 



The Remote Console screen has been opened in a new browser window. 
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Enhanced Features of the Remote Console 

The Remote Console applet contains four buttons that provide iLO with 
enhanced features. These buttons have the following functions: 

• Refresh — Because there might be instances when the Remote Console 

screen is not displaying the latest data, click Refresh to force iLO to repaint 
the screen. 

• Ctrl-Alt-Del — Use this button to enter the key sequence Ctrl+Alt+Del into 
the Remote Console. 
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• Alt Lock — Use the Alt Lock box to transmit a key sequence beginning with 
Alt to the server from the Remote Console session. 

• Character Set — Use this menu to change the default character set used by 
the Remote Console. Modifying the Remote Console character set ensures 
the correct display of characters. 

Single Mouse Pointer in the Remote Console 

One feature of the Remote Console is a single mouse pointer, which means that 
the local cursor is not displayed when the mouse cursor is over the Remote 
Console screen. 

For this feature to work properly, you must download Java™ 1.3.1 JVM or later 
for Internet Explorer or 1.4. 1 JVM for Linux browsers, and install it on the client 
machine. The remote server does not require any other software to obtain a single 
mouse pointer. You can download Java™ 1.3.1 JVM from the HP website 
( http://www.hp.com/servers/manage/jvm ). 

Linux users should use the 1 .4. 1 Java2™ Runtime Environment, Standard 
Edition also available on the HP website 
( http://www.hp.com/servers/manage/jvm ). 

NOTE: You will be redirected from the main site to the java.sun.com 
site. HP recommends using the version specified in the Remote 
Console help pages. You can obtain the specified version for Internet 
Explorer either from the java.sun site or on the Management CD. 

Links to download the required JVMs are available on the Remote Console 
Information screen. 

Remote Console Linux Settings 

When using the iLO Remote Console to display text screens in Linux, border 
characters or other line drawing characters might not display correctly. 

To properly configure the Remote Console text mode character set 

• Click the Character Set pull-down menu from the Remote Console applet. 

• Select the Latl-16 character set. 
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Remote Console (Dual Cursor) Mode 

All the features discussed in the "Remote Console (on page 45)" section are 
available when using Remote Console (dual cursor). When selecting this option, 
there will be two cursors on the screen: the main cursor and a secondary cursor 
within the Remote Console (dual cursor) frame. When passing the main cursor 
across the Remote Console frame, the secondary cursor will track to the main 
cursor. 

The mouse cursor of the client computer is displayed within the Remote Console 
as a cross-hair symbol. Some iLO users prefer to see exactly where the client 
computer mouse cursor is located. For best performance, be sure to configure the 
host operating system display as described in "Optimizing Performance for 
Graphical Remote Console (on page 16)". 

The Remote Console (dual cursor) option is your only Remote Console option if 
you choose not to download an updated Java™ Runtime Environment. 

Remote Console Hot Keys 

The Remote Console hot keys feature enables you to define up to six multiple 
key combinations to be assigned to each hot key. When a hot key is pressed in 
the Remote Console, on client systems, the defined key combination (all keys 
pressed at the same time) will be transmitted in place of the hot key to the remote 
host server. 

To define a Remote Console hot key: 

1. Click Remote Console Hot Keys in the Remote Console tab. 

2. Select the hot key you want to define and use the drop-down boxes to select 
the key sequence to be transmitted to the host server at the press of the hot 
key. 

3. Click Save Hot Keys when you have finished defining the key sequences. 

The Remote Console Hot Keys screen also contains a Reset Hot Keys option. 
This option clears all entries in the hot key fields. Click Save Hot Keys to save 
the cleared fields. 
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NOTE: The Remote Console Hot Keys are active during a remote 
console session via the Remote Console applet and during a text 
remote console session via a telnet client. 

Troubleshooting a Remote Host 

Troubleshooting a remote host server may require restarting the remote system. 
You can restart the remote host server by using the options listed in the Virtual 
Devices tab. Both options display the current power status of the server. 

Virtual Devices 

The following is a list of the options available within the Remote Console tab, 
which provides remote Virtual Power Button, Virtual Media, and Virtual 
Indicators capabilities. Virtual Media can be enabled by licensing the iLO 
Advanced Pack. 
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Virtual Power Button 

The Virtual Power button allows control of the power state of the remote server 
and simulates pressing the physical power button on the server. To use the 
Virtual Power button, select the power option that you want and click Virtual 
Power button to initiate the power option. 
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NOTE: Some of these features will not gracefully shut down the 
operating system. An operating system shutdown should be initiated 
using the Remote Console before using the Virtual Power Button. 

Use the refresh feature of the browser to keep the status of the power 
indicator up to date. 

The available power options are: 

• Momentary Press — This option simulates a momentary press of the power 
button. A momentary press is usually sufficient to turn off a server that is 
currently on or to turn on a server that is currently off. To use this option, 
select Momentary Press and click the Virtual Power button. 



52 



Integrated Lights-Out User Guide 



• Press and Hold — This option presses and holds the power button for 
six seconds, which is useful in forcing the system to power off if the 
operating system is not responding to the momentary press. To reboot the 
system, select Cold Boot of system and then click the Virtual Power button. 
This will immediately remove power from the system. The system will 
restart after approximately six seconds. This option is not displayed when the 
server is off. 

NOTE: Using this option will circumvent any graceful shutdown 
features of the operating system. 

• Cold Boot of system — This option turns the server off, then back on. 

• Warm Boot of system — This option causes the server to reset, without 
turning it off. To use this option, selecting Warm Boot of system and click 
the Virtual Power button. This option is not displayed when the server is 



NOTE: Using this option will circumvent any graceful shutdown 
features of the operating system. 

• Automatically Power On Server — This option automatically turns the 
server on when AC power is applied, if Yes is selected. AC power is applied 
when the server is plugged in or when a UPS is activated after a power 
outage. The server automatically powers on and begins the normal server 
booting process. 

• Manual Override for BL p-Class — This option is displayed only when you 
are connected to a ProLiant BL p-Class server. This option enables you to 
forcibly power on a server, even if the rack reports insufficient power. An 
improperly configured rack or rack communication problem may cause a 
server to not power on when sufficient power is available. This option should 
only be used if you are certain your rack has sufficient power capacity. 



L J CAUTION: It is possible using the Manual Override for BL p- 

Class option to power on servers that exceed the power available from 
the power supplies. Exceeding the available power can cause loss of all 
servers in the rack, server failures, and loss or corruption of data. HP 
recommends correcting configuration or communication problems to 
ensure reliable operation. 



off. 




Using Integrated Lights-Out 53 



Virtual Media 

Virtual Media is advanced functionality enabled by licensing the optional iLO 
Advanced Pack. If not licensed, the message iLO feature not licensed is 
displayed. 

The iLO Virtual Media option provides the administrator with a Virtual Floppy 
disk drive and a Virtual CD drive. The iLO Virtual Media devices connect to the 
host server using USB technology. The iLO Virtual Media devices are available 
when the host system is booting. Using USB also enables new capabilities for the 
iLO Virtual Media devices when connected to USB-supported operating systems. 
The iLO Virtual Media devices are available to the host operating system, on 
USB-supported operating systems, without any additional HP drivers running on 
the server. 

Different operating systems provide varying levels of USB support. The iLO 
Virtual Media is configurable to address these varying levels of support 
("Operating System USB Support" on page 53). 

Operating System USB Support 

The different operating systems provide varying levels of USB support. iLO uses 
the built-in USB drivers of the operating system. The level of support for 
iLO Virtual Media is affected by the level of USB support in the operating 
system. In general, any operating system issues that affect a physical USB floppy 
drive will also impact the iLO Virtual Media. 

Support at server boot time for Virtual Floppy is provided by the HP server 
ROM. The Virtual Floppy will be available at boot time regardless of the server 
operating system. 

The following server operating systems do not support USB media and, 
therefore, do not have access to Virtual Floppy during operating system run time: 

• Microsoft® Windows NT® 4.0 

• Linux Red Hat (before 7.2) 

• SuSE Linux (before 7.0) 

• Novell NetWare 5.x and 6 
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Certain Linux operating systems do not correctly support USB Virtual Floppy 
drives at operating system install time. The iLO Virtual Media should not be 
used during the installation of the following Linux operating systems: 

• Linux Red Hat 7.2 Professional 

• SuSE Linux 7.0 

Windows® 95 OSR 1 does not support any USB devices. Therefore, SmartStart 
5.x CDs cannot be used with the iLO Virtual Media. 



The table below lists operating system USB capabilities and the corresponding 
iLO Virtual Media capabilities. 
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Using iLO Virtual Media Devices 

To use the iLO Virtual Media devices, select the Virtual Media option on the 
Virtual Devices tab. An applet loads in support of the virtual floppy or virtual 
CD-ROM device. 

There are four modes supported by the Virtual Media applet. The desired 
operating mode is selected by clicking the Configure button in the Virtual Media 
applet. The four modes are 

• Floppy only — In this mode, only the virtual floppy disk is available. 

• CD-ROM only — In this mode, only the virtual CD-ROM disk is available. 

• Automatic — In the Automatic mode, the device that is selected last is the 
device that is available. Only one of the devices (Virtual Floppy or Virtual 
CD) can be selected at any one time. 

• Composite — In the composite mode, either one or both of the devices can be 
selected. If both devices are selected, then both devices are available at the 
same time. In composite mode, neither CD-ROM or floppy are available for 
use locally on the client machine. Not all operating systems support the 
composite mode. 

- Bios and DOS® support composite mode. 

- Windows® 2000, Windows® 2000 with SP1 ,SP2 do not support 
composite mode for mass storage devices. Any composite device 
configuration that includes a mass storage device will result in an 
unavailable mass storage device. 

- Windows® 2000 with SP3 supports composite mode. 

- Windows® Server 2003 supports composite mode. 

- Linux supports composite mode, with the exception of multiple mass 
storage devices in your composite device. A composite device consisting 
of multiple mass storage devices will have disconnect and reconnect 
problems. Composite mode supports composite devices such as a 
keyboard, mouse and floppy. 
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iLO Virtual Floppy 

The iLO Virtual Floppy disk is available at server boot time for all operating 
systems. Booting from the iLO Virtual Floppy allows you to upgrade the host 
system ROM, deploy an operating system from network drives, and perform 
disaster recovery of failed operating systems, among other tasks. 

If the host server operating system supports USB mass storage devices, then the 
iLO Virtual Floppy will also be available after the host server operating system 
loads. You can use the iLO Virtual Floppy when the host server operating system 
is running to upgrade device drivers, create an emergency repair diskette, and 
perform other tasks. Having the Virtual Floppy available when the server is 
running can be especially useful if the administrator needs to diagnose and repair 
a problem with the network interface controller driver. 

The Virtual Device can be the physical floppy drive where you are running the 
Web browser, or an image file stored on your local hard drive or network drive. 
For maximum performance, HP recommends the use of local image files stored 
either on the hard drive of your Client PC or on a network drive accessible 
through a high-speed network link. 

To use a physical floppy drive in your client PC: 

1 . Select Local Floppy Drive. 

2. Select the drive letter of the desired physical floppy drive on your client PC 
from the dropdown menu. 
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3. Click Connect. 
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To use an image file: 

1 . Select Local Image File within the Virtual Floppy section of the Virtual 
Media applet. 

2. Enter the name of the diskette image in the text box. You can also use 
Browse to locate image files. 

3. Click Connect. 

When connected, the Virtual Devices will be available to the host server until 
you close the Virtual Media applet. When you are finished using the Virtual 
Floppy, you can either select to disconnect the device from the host server or 
close the applet. 
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NOTE: The Virtual Media applet must remain open in your browser as 
long as you continue to use a Virtual Media Device. 

The iLO Virtual Media floppy will be available to the host server at run time if 
the operating system on the host server supports USB floppy drives. Windows® 
2000 and Linux operating systems support USB floppy drives at the time of the 
publication of this manual. 

The iLO Virtual Floppy appears to your operating system just like another floppy 
as shown. This example displays iLO using a Virtual Floppy connected as B. 

NOTE: The host operating system may prompt you to complete a New 
Hardware Found wizard the first time you use the iLO Virtual Media 
feature. 

NOTE: You might receive a warning message from the host operating 
system regarding unsafe removal of a device when you disconnect from 
the iLO Virtual Media feature. This warning can be avoided by using the 
operating system-provided feature to stop the device before 
disconnecting it from the Virtual Media. 

Creating an iLO Virtual Floppy Image 

The iLO Virtual Media feature enables you to create floppy image files within 
the same applet. You can create image files from diskettes and create diskettes 
from existing image files. The performance of iLO Virtual Floppy is faster when 
image files are used. 

To create a Virtual Media image file: 

1 . Click Create Disk Image. 

2. Select the drive letter and the image file name. You can use the Browse 
feature to find and select an existing image file or to change the directory in 
which the image file will be created. 

3. Click Create. The Virtual Media applet begins the process of creating the 
image file. The process is complete when the progress bar reaches 100 
percent. 

Disk » Image changes to Image » Disk when clicked. Use this button to 
switch from creating image files from physical diskettes to creating physical 
floppy diskettes from image files. 
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Mounting a USB Virtual Media Floppy in Linux 

1 . Access iLO through a browser. 

2. Click Virtual Media in the Virtual Devices tab. 

3. Select a diskette drive or diskette image to be used and click Connect. 

4. Load the USB drivers, using the following commands: 

modprobe usbcore 
modprobe usb-storage 
modprobe usb-ohci 

5. Load the SCSI disk driver, using the following command: 
modprobe sd mod 

6. Mount the floppy drive, using the following command: 
mount /dev/sda /mnt/f loppy -t vfat 

NOTE: Use the man mount command for additional file system types. 

iLO Virtual CD-ROM 

To use the iLO Virtual CD, select the Virtual Media option on the Virtual 
Devices tab. An applet loads the Virtual CD device. 

To use a physical floppy drive in your client PC: 

1 . Select Local CD-ROM Drive. 

2. Select the drive letter of the desired physical CD-ROM drive on your client 
PC from the dropdown menu. 
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3. Click Connect. 




Mounting a USB Virtual Media CD ROM in Linux 

1 . Access iLO through a browser. 

2. Click Virtual Media in the Virtual Devices tab. 

3. Select a CD-ROM to be used and click Connect. 

4. Load the USB drivers using the following commands: 

modprobe usbcore 
modprobe usb-storage 
modprobe usb-ohci 

5. Load the SCSI CD-ROM disk driver using the following command: 
modprobe sr mod 

6. Mount the floppy drive using the following command: 
mount /dev/scdO /mnt/cdrom -t iso9660 
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NOTE: Use the man mount command for additional file system types. 
Virtual Media Applet Time-out 

The Virtual Media applet does not have a time-out when Virtual Media is 
connected to the host server. Even when the user logs out, the Virtual Media 
applet will maintain the connection so the host server has access to the Virtual 
Media. However, the Virtual Media applet does have a timeout when Virtual 
Media is not connected. If you are starting the Virtual Media applet without 
connecting Virtual Media to the host server or disconnecting Virtual Media after 
using the applet, there is a limited time to reconnect before the Virtual Media 
applet closes. The timeout value is the same as the value set in the Idle 
Connection Timeout (minutes) field on the Global Settings screen. When the 
Idle Connection Timeout occurs, the user will be logged out and the Virtual 
Media applet will be closed unless Virtual Media is connected. 

iLO Virtual Media Privilege 

The ability to use the iLO Virtual Media is restricted by an iLO User Privilege. 
Authorized users must have the Virtual Media privilege to select a Virtual Media 
Device and connect it to the host server. 

IMPORTANT: Do not attempt to upgrade the iLO firmware from a 
ROMPaq diskette using the iLO Virtual Floppy. The preferred method of 
remotely upgrading the iLO firmware is to use the Upgrade iLO 
Firmware option on the Administration tab. 



Virtual Serial Port 

The Virtual Serial Port provides a Java™ applet that allows connection to the 
server serial port. The Java™ applet provides VT320 terminal emulation to 
access an application configured for the serial port. 

Windows EMS Console 

A feature of Windows® Server 2003 is the EMS. The typical usage model for the 
EMS console is to physically connect a serial cable to the server. iLO, however, 
enables you to use EMS over the network through a Web browser. Microsoft® 
EMS gives you the ability to display running processes, change the priority of 
processes, and halt processes. The EMS console and the iLO Remote Console 
may be used at the same time. 
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The Windows® EMS Console, if enabled, provides the ability to perform EMS 
in cases where video, device drivers, or other operating system features have 
prevented normal operation and normal corrective actions from being performed. 

The Windows® EMS serial port must be enabled through the host system RBSU. 
The configuration allows for the enabling or disabling of the EMS port, and 
allows for the selection of the COM port. The iLO system will automatically 
detect whether the EMS port is enabled or disabled, and the selection of the 
COM port. 

To obtain the SAO prompt, typing entering Enter may be required after 
connecting through the Virtual Serial Port console. 

For more information on using the EMS features, refer to the Windows® Server 
2003 Server documentation. 

Security Information 

If Remote Console Data Configuration is enabled, the Virtual Serial Port data 
stream is encrypted as data is passed between the iLO system and the viewing 
applet. 

Virtual Indicators 

iLO provides the ability to monitor and control the status of the Unit ID LED. 
The Unit ID LED is the blue LED on the HP server that is used for identifying 
systems in a rack full of servers. iLO enables you to view the status of the Unit 
ID LED and change the status using iLO Web pages. 

The Unit ID LED also blinks whenever a critical Remote Management task is 
currently active on the server. A blinking Unit ID LED indicates that the server 
is in the midst of an activity that you should not interrupt. Never remove power 
from a server with a blinking Unit ID LED. 

The Unit ID LED will blink while the server is under active iLO Remote Console 
control, while iLO settings are being modified through XML scripting, while the 
iLO firmware is being updated. 
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Administration 

The options available in the Administration tab enable you to manage user 
settings, SNMP alerting through integration with Insight Manager 7, security 
settings, and network environment settings. This section also provides a firmware 
upgrade option that allows you to keep iLO current. 

User Administration 

User Administration enables you to manage the user accounts stored locally in 
the secure iLO memory. Directory user accounts are managed using MMC or 
ConsoleOne snap-ins. Using the User Administration screen, you can add a new 

user, view or modify an existing user's settings, or delete a user. 

NOTE: To align common directory server architecture on all Lights-Out 
Management devices, version 1 .40 of the iLO firmware has different 
user privileges from previous versions of the firmware. 

Adding a New User 

IMPORTANT: Only users with the Administer User Accounts privilege 
can manage other users on iLO. 

You can assign a different access privilege to each user. Each user can have a 
unique set of privileges, designed for the tasks that the user must perform. Access 
to critical functions, such as Remote Console, Managing Users, Virtual Power 
Button, and other features can be denied. 

iLO supports the configuration of up to 12 users. Login attempts are tracked and 
login failures are logged. You have the option of generating alerts on a remote 
management PC running Insight Manager 7 when login attempts fail. iLO 
supports all LAN-oriented security features and dynamic password encryption. 

To support more than 12 users, iLO Advanced 1.40 and later allows integration 
with directory-based user accounts. This enables virtually unlimited user 
accounts. 

To add a new user to iLO: 

1 . Log on to iLO using an account that has the Administer User Accounts 
privilege. Click Administration. 
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2. Click User Administration. A screen similar to the one shown is displayed. 
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3. Click Add. 

4. Complete the fields with the necessary information for the user being added. 

5. When the user profile is complete, click Save User Information to return to 
the User Administration screen. To clear the user profile form while 
entering a new user, click Restore User Information. 

Viewing or Modifying an Existing User's Settings 

IMPORTANT: Only users with the Administer User Accounts privilege 
can manage other users on iLO. All users may change their own 
password using the View/Modify User feature. 

To view or modify an existing user's information: 

1 . Log on to iLO using an account that has the Administer User Accounts 
privilege. Click Administration. 

2. Click User Administration and select from the list the name of the user 
whose information you want to change. 

3. Click View/Modify User. 
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4. Change the user information in the fields that require modification. After 
changing the fields, click Save User Information to return to the User 
Administration screen. To recover the user's original information, click 
Restore User Information. All changes made to the profile will be 
discarded. 

Deleting a User 

IMPORTANT: Only users with the Administer User Accounts privilege can manage other 
users on iLO. 

To delete an existing user's information: 

1 . Log on to iLO using an account that has the Administer User Accounts 
privilege. Click Administration. 

2. Click User Administration and select from the list the name of the user 
whose information you want to change. 

3. Click Delete User. A pop-up window is displayed stating, Are you sure 
you want to delete the selected user ? Click OK. 



Network Settings 

The Network Settings option enables you to view and modify the NIC IP 
address, subnet mask, and other TCP/IP-related settings. From this screen you 
can enable or disable DHCP and, for servers not using DHCP, you can configure 
a static IP address. 



To change network settings for iLO: 

1. Log on to iLO using an account that has the Configure iLO Settings 
privilege. Click Administration. 

IMPORTANT: These settings can be changed only by users with the 
Configure iLO Settings privilege. Users that do not have the Configure 
iLO Settings privilege will only be able to view the assigned settings. 

2. Click Network Settings. 
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Change the network settings as needed by entering your selections in the 
fields. After the parameter ("Network Settings Parameters" on page 216) 
changes have been made, click Apply to complete the changes. 
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When you click Apply, iLO restarts, and the connection of your browser to iLO 
terminates. To reestablish a connection, wait 60 seconds before launching 
another Web browser session and logging in. 
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iLO Diagnostic Port Configuration Parameters 

The iLO Diagnostic Port on the front of ProLiant BL p-Class servers enables you 
to access and troubleshoot server issues by using a diagnostic cable. The iLO 
Diagnostic Port uses a static IP address. It does not use DHCP to obtain an IP 
address, register with WINS or dynamic DNS, or use a gateway. The diagnostic 
port cable should not be left plugged in without an active network connection, as 
it will cause degraded network performance on the standard iLO network port. 

In Network Settings, you can configure specific diagnostic port information. For 
more information on using the diagnostic port and the diagnostic cable, refer to 
the Setup and Installation Guide for the blade server. 

The following are the fields that can be configured for the diagnostic port: 

NOTE: The availability of the diagnostic port is controlled by the 
Enable NIC field. If Enable NIC is set to Yes, the diagnostic port is 
enabled. 

Transceiver Speed Autoselect 

Autoselect detects the interface speed and sets the interface to operate at 10 Mbps 
or 100 Mbps and at half or full duplex. If necessary, this parameter can be set to 
manual to allow manual adjustment of speed and duplex settings. 

Speed 

Use this setting to assign 10-Mbps or 100-Mbps connect speeds if Transceiver 
Speed Autoselect is not enabled. 

Duplex 

Use this setting to assign half or full duplex to the NIC if Transceiver Speed 
Autoselect is not enabled. 

IP Address 

Use this parameter to assign a static IP address on your network to the iLO 
Diagnostic Port. By default, the IP address is 192.168.1.1 for all iLO Diagnostic 
Ports. 
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Subnet Mask 

Use the subnet mask parameter to assign the subnet mask for the iLO Diagnostic 
Port. By default, the subnet mask is 255.255.255.0 for all iLO Diagnostic Ports. 

The use of the diagnostic port is automatically sensed when an active network 
cable is plugged into it. When switching between the diagnostic and back ports, 
you must allow 90 seconds for the network switchover to complete before 
attempting connection through the Web browser. 

NOTE: The diagnostic port will not switchover if there is an active 
Remote Console session or a firmware update in progress. 

Global Settings 

The Global Settings option enables you to view and modify security settings for 
iLO. This screen enables you to configure the Remote Console timeout, as well 
as the iLO ports to be used for the iLO Web Server, Remote Console, and Virtual 
Media. These settings are applied globally, regardless of the individual user 
settings. 
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IMPORTANT: These settings can be changed only by users with the 
Configure iLO Settings privilege. Users that do not have the Configure 
iLO Settings privilege will only be able to view the assigned settings. 
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The Global Settings option enables you to define the following functions: 
Idle Connection Timeout (Minutes) 

This option specifies the interval of user inactivity, in minutes, before the Web 
server and Remote Console session are automatically terminated. 

Enable Lights-Out Functionality 

This option allows connection to iLO. If disabled, all connections to iLO are 
prevented. The default setting is Yes. 
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• The iLO 10/100 network and communications with operating system drivers 
will be turned off if Lights-Out functionality is disabled. The iLO Diagnostic 
Port for a ProLiant BL p-Class server will be disabled as well. 

• If iLO functionality, including the iLO Diagnostic Port, is disabled, you must 
use the Security Override Switch in the server to enable iLO functionality. 
Follow the documentation of the server to locate the Security Override 
Switch and set it to the override position. Power on the server and use the 
iLO RBSU to set Enable Lights-Out Functionality. 

Enable iLO ROM-Based Setup Utility 

This option enables a user with access (physical or virtual) to the host to 
configure iLO for that system using the iLO RBSU. RBSU is invoked when the 
host system reboots and performs POST. The default setting is Yes. You can 
restrict RBSU access to authorized users using the Require Login for iLO 
RBSU setting. 

NOTE: If the physical security jumper is set, the RBSU prompt displays during reboot. 
Require Login for iLO RBSU 

This option specifies whether the user is required to provide a login name and 
password to access the iLO RBSU. The default setting is No. 

Remote Console Port Configuration 

This option enables or disables configuring of the port address. Setting this 
option to Enabled allows Telnet and Remote Console applet access. Setting this 
option to Disabled turns off both Telnet and Remote Console applet access. 
Remote Console Data Encryption must be set to No to use Telnet to access the 
text Remote Console. 

Remote Console Data Encryption 

This option enables encryption of Remote Console data. If using a standard 
Telnet client to access the iLO, this setting must be set to No. 

SSL Encryption Strength 
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This option displays the current cipher strength setting. The most secure is 128- 
bit (High). 

Current Cipher 

This option displays the encryption algorithm currently being used to protect data 
during transmission between the browser and the iLO. 

Web Server Non-SSL Port 

The embedded Web server in iLO is configured by default to use port 80 for 
unencrypted communications. This port setting is configurable in the Global 
Settings option of the Administration tab. 

Web Server SSL Port 

The embedded Web server in iLO is configured by default to use port 443 for 
encrypted communications. This port setting is configurable in the Global 
Settings option of the Administration tab. 

Virtual Media Port 

The Virtual Media support in iLO uses a configurable port for its 
communications. This port can be set in the Global Settings option of the 
Administration tab. The default setting is to use port 17988. 

Remote Console Port 

The iLO Remote Console is configured by default to use port 23 for Remote 
Console communications. This port setting is configurable in the Global Settings 
option of the Administration tab. 

Minimum Password Length 

This option specifies the minimum number of characters allowed when a user 
password is set or changed. The character length can be set at a value from 0 to 
39. The default setting is eight characters. 
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SNMP/lnsight Manager Settings 

The SNMP/lnsight Manager Settings option enables you to configure SNMP 
alerts, generate a test alert, and configure integration with Insight Manager 7. 

Enabling SNMP Alerts 

iLO supports up to three TCP/IP addresses to receive SNMP alerts. Typically, 
this address is the same as the TCP/IP address of the Insight Manager 7 server 
console. 

IMPORTANT: These settings can be changed only by users with the 
Configure iLO Settings privilege. Users that do not have the Configure 
iLO Settings privilege will only be able to view the assigned settings. 

Two alert options are available in the SNMP/lnsight Manager Settings screen: 

• Enable iLO SNMP Alerts — The SNMP alerts are generated by iLO and are 

independent of the host server operating system. Alerts include major events, 
such as host server power outage or host server reset, and iLO events such as 
an unauthorized login attempt. These alerts take the form of an 
Insight Manager SNMP trap. 

• Forward Insight Manager Agent SNMP Alerts — The Insight Management 
agents provided for each supported network operating system to generate 
these alerts. These agents also must be installed on the host server to receive 
these alerts. iLO forwards the alerts to Insight Manager 7. 

To configure alerts: 

1. Log on to iLO using an account that has the Configure iLO Settings 
privilege. 
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2. Click SNMP/Insight Manager Settings in the Administration tab. A 
screen similar to is displayed. 
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3. Enter up to three TCP/IP addresses to receive the SNMP alerts. 

4. Select the alert options you want iLO to support. 

5. Click Apply Settings. 

Generating Test Alerts 



Test alerts are generated by means of the SNMP/Insight Manager Settings in 
the Administration section of the iLO navigation frame. These alerts include an 
Insight Manager SNMP trap and are used to verify the network connectivity of 
iLO in Insight Manager 7. Only users with the Configure iLO Settings privilege 
can send test alerts. 



Click Apply Settings to save any changes made to SNMP Alert Destination(s) 

before sending a test alert. 



To send a test alert: 



1. Click SNMP/Insight Manager Settings in the Administration tab. 
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2. Click Send Test Alert to generate a test alert and send it to the TCP/IP 
addresses saved in the SNMP Alert Destination(s) fields. 

3. After generating the alert, a confirmation screen is displayed. 

4. Check the Insight Manager 7 console for receipt of the trap. 

Insight Manager 7 Integration 

iLO enables you to configure the URL (DNS name or IP address) of the Insight 
Manager Web Agents running on the host server. You may also configure the 
level of data returned with Insight Manager 7 identification information. 

The Insight Manager Web Agent URL field enables you to enter the IP address 
or the DNS name of the host server on which the Insight Manager Web Agents 
are running. Entering this data in the field provided enables iLO to create a link 
from the iLO Web pages to the pages of the Web Agent. 

NOTE: The expected entry in the Insight Manager Web Agent URL 

field is the IP address or the DNS name only. The protocol (for example, 
"http://") and a port ID (for example, ":2301") should not be entered. 

The link to the Insight Web Agents is found on the blue header bar, next to the 
Log out link. 

The Level of Data Returned field enables you to control the amount of 
information that is returned to Insight Manager 7. This information is used to 
associate management processors with servers and is displayed on the summary 
page for iLO in Insight Manager 7. 

Upgrade iLO Firmware 

Firmware upgrades enhance the functionality of iLO. The firmware upgrade can 
be done from any network client using a standard Web browser. Only users with 
the Update iLO Firmware privilege can upgrade the iLO firmware. The most 
recent firmware for iLO is available on the HP website.To upgrade the iLO 
firmware using a standard Web browser: 

1 . Log on to iLO using an account that has the Update iLO Firmware privilege. 



Using Integrated Lights-Out 75 



2. Click Upgrade iLO Firmware in the Administration tab. A screen similar 
to is displayed. 
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3. Enter the file name in the New firmware image field or Browse for the file. 
Click Send firmware image. 

4. The firmware upgrade takes a couple of minutes. A progress bar displays the 
progress of the firmware upgrade. 

IMPORTANT: Do not interrupt an Upgrade iLO Firmware session that 
is in progress. 

The iLO system automatically resets at the end of a successful firmware upgrade. 
The host operating system and server are not affected by the iLO system being 
reset. 
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/ • \ WARNING: After upgrading to version 1.40, a subsequent 
downgrade to any previous version may result in loss of 
configuration data. Before downgrading from firmware version 
1.40 to any other version, HP recommends that you back up your 
configuration data. 

If the firmware upgrade was interrupted or failed, immediately attempt the 
upgrade again. Do not reset the iLO system before reattempting a firmware 
upgrade. iLO provides an FTP-based firmware upgrade disaster recovery 
("Inability to Upgrade iLO Firmware" on page 239) if a firmware upgrade is 
interrupted or failed. 

NOTE: For systems with diskette drives, you can also update the iLO 
firmware using ROMPaq diskettes. HP does not recommend updating 
iLO firmware using the Virtual Media floppy diskette. 



The iLO Advanced License Activation page is used to apply the license 
activation for the iLO Advanced Pack. The "Enabling iLO Advanced 
Functionality (on page 18)" section discusses the steps required to enter the 
activation key and enable the advanced features. 



Certificate Information displays the information associated with the stored 
certificate. Information is encoded in the certificate by the CA, and is extracted 
by iLO for display. 

• Issued To is the entity to whom the certificate was issued. 

• Issued By is the CA which issued the certificate. 

• Valid From is the date from which the certificate is valid. 

• Valid Until is the date which the certificate will expire. 

• Serial Number is the serial number assigned to the certificate by the CA. 
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Importing a Certificate displays information on how to import a certificate. For 
more information on importing certificates, refer to "Certificates (on page 97)" in 
the "Security for Integrated Lights-Out (on page 93)" section. 



Directory Settings 

The Directory Settings screen enables you to configure and test your directory 
services. For additional information on directories, refer to the "Directory 
Services (on page 99)" section. For additional information on directory 
configuration parameters, refer to the "Configuring Directory Settings (on page 
135)" section. 



ProLiant BL p-Class 

The BL p-Class tab enables you to control specific settings for the 
ProLiant BL p-Class blade server rack. iLO also provides Web-based diagnostics 
for the ProLiant BL p-Class server rack. These diagnostics are listed on four Web 
pages under the BL p-Class tab. 

NOTE: The fourth Web page is available when there is a redundant 
power management module in the server configuration. 

Rack Settings 

Blade servers communicate with the rack environment to obtain power and 
manage shared resources of the rack (fans, temperature, power supplies). The 
Rack Settings option allows you to configure this communication. 
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The following fields are available: 
Rack Name 

The rack name is used to logically group together the components that comprise 
a single rack. When changed, the rack name is communicated to all other 
components connected in a rack. The name is used when logging and alerting to 
assist in identifying the component. 

Enclosure Name 

The enclosure name is used to logically group together the server blades that 
comprise a single enclosure. When changed, the enclosure name is 
communicated to all other server blades connected in the same enclosure. The 
name is used when logging and alerting to assist in identifying the component. 

Bay Name 

The bay name is used when logging and alerting to assist in identifying a 
component or its function. 



Bay 
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The ProLiant BL p-Class enclosure can support one to eight server blades. The 
bays are numbered from left to right starting with 1 and finishing with 8. The bay 
number is used to assist in physically identifying the faulty server blade or other 
error conditions. This information is for viewing only. 

Rack Serial Number 

The rack serial number identifies the components in the rack as a logical 
grouping. The serial number is determined during power-up of the various 
components to create a unique rack serial number. Switching components (server 
blade enclosure or power supplies) alters the rack serial number. 

Enclosure Serial Number 

The enclosure serial number identifies the particular server blade enclosure in 
which a server blade resides. 

Blade Serial Number 

The blade serial number identifies the serial number for the server blade product. 
Power Source 

The server blade enclosure can be installed in a rack by using one of two 
configurations: 

• The server blade power supplies can be used to convert normal AC facility 
power to 48 V DC to power the rack. In this configuration, select the power 
source as Rack Provides Power. This setting allows each server blade, 
enclosure, and power supply to communicate power requirements to ensure 
proper power consumption without risking power failures. 

• If the facility can provide 48 V DC power directly, without the need for the 
provided power supplies, then select Facility Provides 48V. Each server 
blade will not be required to communicate with the infrastructure for power 
when powering on or off. 

NOTE: It is essential that proper power sizing requirements be 
performed to ensure sufficient power for all the server blades and other 
components of the rack. 

Enable Automatic Power On 
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Each server blade can be configured to automatically power on when inserted 
into the enclosure. Depending on the Power Source setting, the server blade 
communicates with the rack to determine if enough power is available to power 
on. If the power is available, then the server blade automatically powers on and 
begins the normal server booting process. 

Enable Rack Alert Logging 

As the server blade receives alerts, these events can be logged to the IML. You 
can view these events by using the iLO System Status — IML tab. Additional 
IML viewing tools are available to allow viewing from the installed operating 
system on the server blade. 



Rack Topology 

The Rack Topology screen: 

• Discovers all devices connected in the rack. 

• Displays the enclosure type, name, address, and serial number. 

• Displays diagnostic information for the rack. 
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Server Blade Management Module 

The Server Blade Management Module screen: 

• Displays devices discovered in the BL p-Class enclosure. 

• Reads and displays the current firmware version of the controller for the 
blade server enclosure. 

• Detects and displays the fuse state and power state of blade servers. 

• Allows you to activate the enclosure LEDs. 
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Power Management Module 

The Power Management Module screen: 

• Detects and displays the main power supplies. 

• Reads and displays the current firmware version of the controller for the 
power supply enclosure. 

• Displays the current power output, maximum power output, and temperature 
information for the power supply. 
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• Allows you to activate the power management module LEDs. 
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Redundant Power Management Module 

If the rack topology consists of a redundant power supply, the Redundant 
Power Management Module screen will be available. The Redundant Power 
Management Module screen provides the same information concerning the 
redundant power management module as the Power Management Module 

screen provides for the power management module. 



iLO Control of ProLiant BL p-Class Server LEDs 



iLO can monitor BL p-Class servers through POST tracking and the Server 
Health LED. 
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Server POST Tracking 

There is limited feedback while the server is booting because of the headless 
nature of the ProLiant BL p-Class servers. iLO provides boot-time feedback by 
blinking the Server Health LED green during server POST. The LED is set to 
solid amber if the boot is unsuccessful. The LED is set to solid green at the end 
of a successful boot. 

After a successful boot, control of the Server Health LED is returned to the 
server, which may turn the LED off or set it to some other color to represent the 
health of the server hardware. 

Insufficient Power Notification 

The iLO turns the Server Health LED solid red if iLO cannot power on the server 
because there is insufficient power in the rack infrastructure. 



Telnet Support 

Telnet access to iLO is now supported. Telnet allows text based access to the 
Remote Console. To use telnet the iLO Remote Console Port Configuration and 
Remote Console Data Encryption on the Global Settings screen must be 
configured as follows: 

1 . Remote Console Port Configuration must be set to Enabled. 

2. Remote Console Data Encryption must be set to No. 

To access iLO using Telnet: 

NOTE: You can only open either a Telnet session or a Remote 
Console Session at a time, not both simultaneously. An error message 
will generate if both sessions are attempted at the same time. 

1. Open a Telnet window. 

2. When prompted, enter the IP Address or DNS Name, Login Name, and 
password. 
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NOTE: Access through telnet will be disabled, if the remote console 
port configuration on the Global Settings tab is set to Disabled or 
Automatic, or if remote console data encryption is enabled. 

To terminate a Telnet session: 

1 . Press the Ctrl+] keys and the Enter key at the prompt. 

2. If you see an extra carriage return each time the Enter key is pressed, press 
the Ctrl+] keys and enter set crlf off at the prompt. 
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Functional Overview 

Insight Manager 7 enables you to: 

• Identify iLO processors. 

• Create an association between iLO and its server. 

• Create links between iLO and its server. 

• View iLO and server information and status. 

• Control the amount of detailed information displayed for iLO. 

• Draw a visualization of the ProLiant BL p-Class rack infrastructure. 

The following sections give a summary of each function. For detailed 
information on these benefits and how to use Insight Manager 7, refer to the HP 
Insight Manager 7 Technical Reference Guide, provided with Insight Manager 7. 

Identification and Association 

Insight Manager 7 can identify an iLO processor and create an association 
between iLO and server. The administrator of the iLO device may configure iLO 
to respond to Insight Manager 7 identification requests. 
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Status 

In Insight Manager 7, iLO is identified as a management processor. Insight 
Manager 7 displays the management processor status within the device list. 

The iLO management processor is displayed as an icon in the device list on the 
same row as its host server. The color of the icon represents the status of the 
management processor. 
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For a complete list of device statuses, refer to the HP Insight Manager 7 
Technical Reference Guide, provided with Insight Manager 7. 



Queries 

iLO management processors can be queried within Insight Manager 7. The 
administrator can save and use these queries to create groups of management 
processors. Refer to the HP Insight Manager 7 Technical Reference Guide for 
further details. 

Links 

For ease of management, Insight Manager 7 creates links to the following 
locations: 
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• iLO and the host server from the Insight Manager 7 Home page 

• iLO from the Query Results page 

• The server from the Query Results page 

• The server from the Device Summary page of iLO 

• iLO from the Device Summary page of the server 

The Home page and Query Results pages display iLO, the server, and the 
relationship between iLO and server. For example, the page can display the 
server, the iLO name next to the server, and iLO name IN server in the Device 
Name field for iLO. 

Clicking on the device status icon for either iLO or the server takes you to the 
summary page of the device. Within the summary page are the status, IP address, 
and link for the associated device. 

Alerts 

The iLO management processor can be configured to send SNMP alerts to the 
Insight Manager 7 console. Enter the TCP/IP address of the Insight Manager 7 
console in the Management Integration page of the iLO Administration tab to 
direct SNMP alerts to the console. 

iLO can be configured to forward alerts from the host operating system 
management agents, and it can also be configured to send iLO-generated alerts to 
the Insight Manager 7 console. 

Port Matching 

Insight Manager 7 is configured to start an HTTP session to check for iLO at port 
80. The port can be changed. If you want to change the port number, you must 
also change it in Network Settings and Insight Manager 7. 
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To change the port number in Insight Manager 7, add the port to the 
\ADDITIONALWSDISC.PROPS file. Port 80 does not need an entry in this 
props file, but any other port designated for iLO needs to be specified so that 
Insight Manager 7 can use it during HTTP identification. The format of the 
entries is: 

Port=Description , Reserved 1, Reserved 2, Reserved 3, Class 
Name 

where: 

• Port is the number of the additional HTTP port to be added into discovery. 

• Description is the description of the Web server to be displayed in the list of 
links on the device page. 

• Reserved 1 is reserved and should be set to a space. 

• Reserved 2 is reserved and should be set to true. 

• Reserved 3 is reserved and should be set to false. 

• Class Name specifies the name of the Insight Manager 7 Java class that does 
the processing for the additional management processor port. This 
information should not be changed. 

Example: 

80=iLO, , true, false, Compaq . ID . MgmtProc . Mgmt Processor Pars 
er 

Configuring Identification of iLO 

iLO enables you to set how much data is returned on an Insight Manager 7 
request for more information. 

The level of data returned is controlled on the SNMP/Insight Manager Settings 

screen. The identification data level options are: 

• High — Associations are present and all data is present on the summary page. 

• Medium — Associations are present but the summary page contains less 
detail than at high security. 
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• Low — Associations are present if SNMP pass-through is supported. If not, 
the server and management processor are separate entities in the device list. 

• None — No data is returned to Insight Manager 7. 
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Integrating iLO with Insight Manager 7 

iLO fully integrates with Insight Manager 7 in key operating environments, 
providing access to Insight Management agents and support for full in-band 
SNMP management. iLO supports SNMP trap delivery to an Insight Manager 
Console, which can be configured to forward SNMP traps to a pager or email. 

Full integration with Insight Manager 7 also provides a single management 
console for launching a standard Web browser to access iLO and for providing 
diagnostic information about the operation of iLO. While the operating system is 
running, you can establish a connection to iLO using Insight Manager 7. 
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Receiving SNMP Alerts in Insight Manager 7 

Insight Manager 7 provides support for full SNMP management, and iLO 
supports SNMP trap delivery to an Insight Manager 7 console. You can view the 
event log, select the event, and view the additional information about the alert. 

Configuring receipt of SNMP alerts in Insight Manager 7 is a two-step process. 
The process requires configuring Insight Manager 7 to receive SNMP alerts from 
an iLO-managed device and configuring iLO to enable SNMP alerts. 

To configure receipt of SNMP alerts in Insight Manager 7: 

1 . Use the SNMP/Insight Manager Settings option in the Administration tab 

of the iLO navigation frame to enable SNMP alerting and to provide an 
SNMP trap IP address to iLO. This IP address should be the address of the 
computer running Insight Manager 7. Refer to the "Enabling SNMP Alerts" 
section for details. 

2. Configure iLO as a managed device for Insight Manager 7. Adding iLO to 
Insight Manager 7 allows the NIC interface on iLO to function as a dedicated 
management port, isolating management traffic from the remote host server 
NIC interface. 

a. Start Insight Manager 7. Click Settings. By default, the Automatic 
Discovery screen is displayed. Use this screen to discover any iLO that 
will be managed by Insight Manager 7. If the IP address does not already 
appear in the Ping Inclusion Ranges section, enter the IP address. 

b. Click Execute Discovery Now to add iLO to Insight Manager 7. The 
Status section displays the system being updated. 

c. After the discovery is complete, subsequent queries will display the 
device as a management processor. 

d. You may need to select Edit Device from the Discovery tab and edit the 
monitor community string (for example, by changing it to "public") so 
that iLO is displayed in the list of monitored devices. 

e. iLO traps are displayed in a query for major, uncleared events. You can 
use the orange button at the top of the screen to issue this query. Click 
the event description to obtain further information about the event. 
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NOTE: HP Insight Agents for Integrated Lights-Out must be installed on 
the remote host server to enable management of Integrated Lights-Out 
by iLO. Refer to the iLO documentation for additional details about 
installing and configuring agents. 

Reviewing iLO Advanced Pack License Information in Insight 
Manager 7 

Insight Manager 7 provides a report showing the license status of the iLO 
management processors. You may use this report to determine how many and 
which iLO devices are licensed for the iLO Advanced Pack. 

To view this report: 

1. Click Devices. 

2. Click Reports. 

3. Click Device License Information — All Servers. 

The license information of the management processors is displayed. To be sure 
that this data is current, run the device identification task for your management 
processors. Refer to the Insight Manager 7 documentation for additional details 
about initiating tasks. 



ProLiant BL p-Class Rack Visualization 

Insight Manager 7 can draw a visualization of the ProLiant BL p-Class rack, 
enclosures, and servers using information from iLO. The SNMP/Insight Manager 
setting for the level of data to be returned must be Medium or High for Insight 
Manager 7 to draw the visualization. 
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General Security Guidelines 

The following are general guidelines concerning security for iLO: 

• For maximum security, iLO should be set up on a separate management 
network. 

• Integrated Lights-Out should not be directly connected to the Internet. 

• A 128-bit cipher strength browser must be used. 

Encryption 

By default, all iLO Web pages are encrypted with Secure Sockets Layer (SSL). 
For security purposes, passwords are not sent across the network in a clear-text 
format. Passwords are not listed in clear text for the purposes of automating a 
login sequence. The Remote Console date si encrypted with a 128 bit RC4 bi- 
directional cipher. 

iLO Security Override Switch Administration 

The iLO Security Override Switch allows the administrator full access to the iLO 
processor. This access may be necessary for any of the following conditions: 

• iLO needs to be re-enabled after it has been disabled. 
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• All user accounts with the Administer User Accounts privilege have been 
locked out. 

• A bad configuration keeps iLO from displaying on the network and RBSU 
has been disabled. 

• The boot block needs to be flashed. 

Ramifications of setting the Security Override Switch include: 

• All security authorization checks are disabled while the switch is set. 

• The iLO RBSU runs if the host server is reset. 

• iLO is not disabled and may display on the network as configured. 

• iLO, if disabled while the Security Override Switch is set, does not log the 
user out and complete the disable process until the power is cycled on the 
server. 

• The iLO Option ROMPaq is allowed to reprogram the iLO ROM even if the 
iLO firmware is not running. 

• The boot block is exposed for programming. 

A warning message is displayed on the iLO Web pages indicating that the iLO 
Security Override Switch is currently in use. An iLO log entry is added recording 
the use of the iLO Security Override Switch. An SNMP alert may also be sent 
upon setting or clearing the iLO Security Override Switch. 

Setting the iLO Security Override Switch also enables you to flash the iLO boot 
block. HP does not anticipate that you will need to update the iLO boot block. If 
an iLO boot block update is ever required, physical presence at the server will be 
required to reprogram the boot block and reset iLO. The boot block will be 
exposed until iLO is reset. For maximum security, HP recommends that you 
disconnect iLO from the network until the reset is complete. 

The iLO Security Override Switch is located inside the server and cannot be 
accessed without opening the server enclosure. To set the iLO Security Override 
Switch, you need to power off the server. Set the switch and then power on the 
server. Reverse the procedure to clear the iLO Security Override Switch. 
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Depending on the server, the iLO Security Override Switch may be a single 
jumper or a specific switch position on a dip switch panel. To access and locate 
the iLO Security Override Switch, refer to the server documentation. iLO 
Security Override Switch can also be located using the diagrams on server hood. 

User Accounts 

iLO supports the configuration of up to 12 local user accounts. Each of these 
accounts can be managed through the use of the following features: 

• Privileges 

• Global Security Settings 

• Login Security 

Privileges 

iLO allows the administrator to control user account access to iLO functions 
through the use of privileges. When a user attempts to use a function, the iLO 
system verifies that the user has the privilege before the user is allowed to 
perform the function. 

Each feature available through iLO can be controlled through privileges, 
including Administer User Accounts, Remote Console Access, Virtual Power 
and Reset, Virtual Media, and Configure iLO Settings. Privileges for each user 
can be configured on the User Administration page of the Administration tab. 

Global Security Settings 

Global security settings allow you to control access to functions or to control 
specific actions of functions that have been enabled globally. For example, you 
can control access to the iLO RBSU, enable or disable Lights-out Functionality, 
set the Remote Console timeout, Web server SSL and non-SSL ports, virtual 
media port and set the minimum password length. 
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Login Security 

iLO provides several login security features. After an initial failed login attempt, 
iLO imposes a delay of five seconds. After a second failed attempt, iLO imposes 
a delay of 10 seconds. After the third failed attempt, and any subsequent 
attempts, iLO imposes a delay of 60 seconds. All subsequent failed login 
attempts cycles through these values. An information page is displayed during 
each delay. This scenario continues until a valid login is completed. This feature 
assists in defending against possible dictionary attacks against the browser login 
port. 

iLO also saves a detailed log entry for failed login attempts which imposes a 
delay of 60 seconds. 

Passwords 

The following is a list of recommended password guidelines: 

• Passwords should never be written down or recorded. 

• Passwords should never be shared with others. 

• Passwords should not be words generally found in a dictionary, or easy to 
guess words, such as the company name, product names, the user's name, or 
the user's User ID. 

• Passwords should include at least three of the four following characteristics: 

• At least one numeric character 

• At least one special character 

• At least one lowercase character 

• At least one uppercase character 

Passwords issued for a temporary User ID, password reset, or a locked out User 
ID should also conform to these standards. Each password must be a minimum 
length of zero characters and a maximum length of 39 characters. The default 
minimum length is set to eight characters. Setting the minimum password length 
to fewer than eight characters is not recommended unless you have a physically 
secure management network that does not extend outside the secure data center. 



Security for Integrated Lights-Out 



97 



Certificates 

By default, iLO creates a "self-signed" certificate for use in SSL connections. 
This certificate enables iLO to work without any additional configuration steps. 
The security features of iLO can be enhanced by importing a trusted certificate. 

Importing a Certificate 

• Create Certificate Request — iLO can create a CR (in PKCS #10 format) 
which can be sent to a CA. This certificate request is base64 encoded. A CA 
will process this request and return a response (X.509 Certificate) which can 
be imported into Integrated Lights-Out. Everytime the Create Certificate 
Request button is clicked, a new certificate request is generated even though 
the iLO name is same. 

The CR contains a public/private key pair that will be used for validation of 
communications between the client browser and iLO. The generated CR is 
held in memory until a new CR is generated; a certificate is imported via this 
process; or iLO is reset. This means you can generate the CR and copy it to 
the client clipboard, leave the iLO web site to retrieve the certificate, then 
return to import the certificate. 

When submitting the request to the CA, insure you 

- use the iLO name as listed on the System Status screen as the URL for 

the server; 

- request the certificate be generated in the RAW format; 

- include the Begin and End certificate lines. 

• Import Certificate — If you are returning to this page with a certificate to 
import, clicking the Import Certificate button enables you to go directly to 
the Certificate Import screen without generating a new CR. This is 
important in that a given certificate will only work with the keys contained in 
the CR from which the certificate was generated. If iLO has been reset or 
another CR has been generated since the CR that was used to request the 
certificate was generated, then another CR will must be generated and a new 
certificate procured from the CA. 
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Introduction to Directory Services 

The iLO Directory Services functionality, available with firmware version 1.40 
or later, enables you to: 

• Authenticate users from a shared consolidated, scalable user database. 

• Control user privileges (authorization) using the directory service. 

• Use Roles in the directory service for group level administration of iLO 
management processors and iLO users. 

IMPORTANT: Installing Directory Services for Integrated Lights-Out 
requires extending the directory schema. Extending the schema must 
be completed by a Schema Administrator. 

Schema Documentation 

To assist with the planning and approval process, HP provides up-front 
documentation on the changes made to the schema during the schema setup 
process. The HP Directory Services Schema Information Booklet is available on 
the HP website ( http://www.hp.com/servers/lights-out ). 
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Directory Services Support 

iLO supports the following directory services: 

• Microsoft® Active Directory 

• Microsoft® Windows® Server 2003 Active Directory 

• Novell eDirectory 8.6.2 

• Novell eDirectory 8.7 

The iLO software is designed to run within the Microsoft® Active Directory 
Users and Computers and Novell ConsoleOne management tools, allowing you 
to manage user accounts on Microsoft Active Directory or Novell eDirectory. 
This solution makes no distinction between eDirectory running on NetWare, 
Linux, or Windows®. To spawn an eDirectory schema extension requires Java 
1.4.0 or later for SSL authentication. 

iLO supports Microsoft® Active Directory running on one of the following 
operating systems: 

• Windows® 2000 

• Windows® 2000 Advanced Server 

• Windows® Server 2003 

iLO supports eDirectory 8.6.2 and 8.7 running on one of the following operating 
systems: 

• Windows® 2000 

• Windows® 2000 Advanced Server 

• Windows® Server 2003 

• NetWare 5.X 

• NetWare 6.X 

• Red Hat Enterprise Linux AS 2.1 
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• Red Hat Linux 7.3 

• Red Hat Linux 8.0 

Required Software 

iLO requires specific software, which will extend the schema and provide snap- 
ins to manage your iLO network. An HP Smart Component is available for 
download that contains the schema installer and the management snap-in 
installer. The HP Smart Component can be downloaded from the HP website 
( http ://w w w .hp . com/servers/li ghts-out ) . 

Schema Installer 

Bundled with the schema installer are one or more .xml files. These files contain 
the schema that will be added to the directory. Typically, one of these files will 
contain core schema that is common to all the supported directory services. 
Additional files contain only product-specific schemas. The schema installer 
requires the use of the .NET framework. 

The installer includes three important screens: 

• Schema Preview 

• Setup 

• Results 

Schema Preview 

The Schema Preview screen allows the user to view the proposed extensions to 
the schema. This screen reads the selected schema files, parses the XML, and 
displays it as a tree view. It lists all of the details of the attributes and classes that 
will be installed. 
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Setup 

The Setup screen is used to enter the appropriate information before extending 
the schema. 

The Directory Server section of the Setup screen enables you to select whether 
you will be using Active Directory or eDirectory, and to set the computer name 
and the port to be used for LDAP communications. 
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IMPORTANT: Extending the schema on Active Directory requires that 
the user be an authenticated Schema Administrator, that the schema is 
not write protected, and the directory is the FSMO role owner in the 
tree. The installer will attempt to make the target directory server the 
FSMO Schema Master of the forest. 

To get write access to the schema on Windows® 2000 requires a 
change to the registry safety interlock. If the user selects the Active 
Directory option, the schema extender will attempt to make the registry 
change. It will only succeed if the user has rights to do this. Write 
access to the schema is automatically enabled on Windows® Server 
2003. 

The Directory Login section of the Setup screen enables you to enter your login 
name and password. These may be required to complete the schema extension. 
The Use SSL during authentication option sets the form of secure 
authentication to be used. If not selected, NT authentication is used for Active 
Directory, and clear text authentication is used for eDirectory. 
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Results 



The Results screen displays the results of the installation, including whether the 
schema could be extended and what attributes were changed. 



■■Ill* Management Devicei Schema Engender 



Results 

ThtL page shwAi Hte rsiiJ:s ci Lpdalng fas schema ri AclU'e Dieclay 



ITTS TTlfTT ^7f TTTT TTTTTT ^TTTTT TTTTTT TTTITTT TTTXTT TTTXTT T7TTT 

b^qBtfllaEPfti'ietleT.iaiaa 

DID : 1.3.5.1.*.!. E3Z.1HH..1. 1-EL.-5 

Syntax: 1 3.(. 1.4.1.1-Mf . ili.l2i . l.tO 

im* eri-jyclon: A list o 1 IP addresses, tiimcr.. dcatnltt., a i J Less ranges, 
and subnets uhich partially arscity right r« sbri ctian* wider on IF nebcierfc 
adcteass Lu.jLiki:.:. 

-M.V.KfIHC 0K90n7L33Z: TUC Ol^ecc- already enlSGS.5- 

bpLjfttililJ'HiiiOjriL^ifjtilia Ctulc 

DID : 1 . 3 . S- 1- * . 1- Z3Z - LDD1 . 1 . t. 4. 4 

Syntax I.».f.l.4.1.1-I«.1LI.1Z1.1.7 
B-itLqlil V&Iua: IMI 

Bescrlpcion: A. Boolcari rcpfesenririjcj access by uaspedliera cliexres cibicli 

paxtijlUy f l - -: lijliti intrvrtiani I - ■ » TP iwfclMrlE lUcm -onTtminS 

-:\iac_mihi; D»aoD7i39z: n» out ice umq initio 



(' Back 



r- il 



Frish 



Management Snap-In Installer 

The management snap-in installer installs the snap-ins required to manage iLO 
objects in a Microsoft® Active Directory Users and Computers directory or 
Novell ConsoleOne directory. 

The iLO snap-ins are used to perform the following tasks in creating an iLO 
directory: 

• Creating and managing the iLO and role objects (policy objects will be 
supported at a later date). 
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• Making the associations between iLO objects and the role (or policy) objects. 

Directory Services for Active Directory 

The following sections provide installation prerequisites, preparation, and a 
working example of Directory Services for Active Directory. 

Active Directory Installation Prerequisites 

Directory Services for iLO uses LDAP over SSL to communicate with the 
directory servers. Before installing snap-ins and schema for Active Directory, 
read and have available the following documentation: 

IMPORTANT: Installing Directory Services for Integrated Lights-Out 
requires extending the Active Directory schema. Extending the schema 
must be completed by an Active Directory Schema Administrator. 

• Extending the Schema in the Microsoft® Windows® 2000 Server Resource 
Kit, available at http://msdn.microsoft.com 

• Installing Active Directory in the Microsoft® Windows® 2000 Server 
Resource Kit 

• Microsoft® Knowledge Base Articles 

- 216999 Installing the remote server administration tools in Windows® 
2000 

- 314978 Using the AdminpaLmsi to install a server administration tool in 
Windows® 2000 

- 247078 Enabling SSL communication over LDAP for Windows® 2000 
domain controllers 

- 321051 Enabling LDAP over SSL with a third-party certificate authority 

- 299687 MS0 1-036: Function Exposed By Using LDAP over SSL Could 
Enable Passwords to Be Changed 



Directory Services Preparation for Active Directory 

To set up directory services for use with iLO management processors: 
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1. Install Active Directory. For more information, refer to Installing Active 
Directory in the Microsoft® Windows® 2000 Server Resource Kit. 

2. Install the Microsoft® Admin Pack (the ADMINPAK.MSI file, which is 
located in the i386 subdirectory of the Windows® 2000 Server or Advance 
Server CD). For more information, refer to the Microsoft® Knowledge Base 
Article 216999. 

3. In Windows® 2000, the safety interlock that prevents accidental writes to the 
schema needs to be temporarily disabled. The schema extender utility will be 
able to do this if the remote registry service is running and the user has 
sufficient rights. This can also be done by setting 

HKEY_LOCAL_MACHINE^YSTEM\CurrentControlSet\ServicesParameters 
\Schema Update Allowed in the registry to a non-zero value (refer to the 
"Order of Processing When Extending the Schema" section of Installation of 
Schema Extensions in the Windows® 2000 Server Resource Kit) or by the 
following steps. 

IMPORTANT: Incorrectly editing the registry can severely damage your 
system. HP recommends creating a back up of any valued data on the 
computer before making changes to the registry. 

NOTE: This step is not necessary if you are using Windows® Server 
2003. 

a. Start MMC. 

b. Install the Active Directory Schema snap-in in MMC. 

c. Right-click Active Directory Schema and select Operations Master. 

d. Select The Schema may be modified on this Domain Controller. 

e. Click OK. 

NOTE: The Active Directory Schema folder may need to be 
expanded for the check box to be available. 

4. Create a certificate or install Certificate Services. This step is necessary to 
create a certificate or install Certificate Services because iLO communicates 
with Active Directory using SSL. Active Directory must be installed before 
installing Certificate Services. 

5. To specify that a certificate be issued to the server running active directory, 
do the following: 
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a. Launch Microsoft Management Console on the server and add the 
default domain policy snap-in (Group Policy, then browse to Default 
domain policy object). 

b. Click Computer Configuration, Windows Settings, Security Settings, 
Public Key Policies. 

c. Right-click Automatic Certificate Requests Settings, and select new, 
automatic certificate request. 

d. Using the wizard, select the domain controller template, and the 
certificate authority you want to use. 

6. Download the Smart Component, which contains the installers for the 
schema extender and the snap-ins. The Smart Component can be downloaded 
from the HP website ( http ://w w w . hp . com/server s/li ghts-out) . 

7. Run the schema installer application to extend the schema, which extends the 
directory schema with the proper HP objects. 

NOTE: The schema installer associates the Active Directory snap-ins 
with the new schema. The snap-in installation setup utility is a Windows 
MSI setup script and will run anywhere MSI is supported (Windows® 
XP, Windows® 2000, Windows® 98). However, some parts of the 
schema extension application require the .NET Framework, which can 
be downloaded from www.microsoft.com. 

Snap-in Installation and Initialization for Active Directory 

1. Run the snap-in installation application to install the snap-ins. 

2. Configure the directory service to have the appropriate objects and 
relationships for iLO management. 

a. Use the management snap-ins from HP to create iLO, Policy, Admin, 
and User Role objects. 

b. Use the management snap-ins from HP to build associations between the 
iLO object, the policy object, and the role object. 

c. Point the iLO object to the Admin and User role objects (Admin and 
User roles will automatically point back to the iLO object). 

NOTE: For more information on Integrated Lights-Out objects, see 
"Directory Services Objects". 



At a minimum, you must create: 
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• One Role object that will contain one or more users and one or more iLO 
objects. 

• One iLO object corresponding to each iLO management processor that will 
be using the directory. 

Example: Creating and Configuring Directory Objects for Use with iLO in Active 
Directory 

The following example shows how to set up roles and HP devices in an 
enterprise directory with the domain testdomain. local, which consists of two 
organizational units, Roles and RILOES. 

Assume that a company has an enterprise directory including the domain 
testdomain.local arranged as shown in the following screen. 
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1 . Create an organizational unit, which will contain the Lights-Out Devices 
managed by the domain. In this example, two organizational units are created 
called Roles and RILOES. 

2. Use the HP provided Active Directory Users and Computers snap-ins to 
create Lights-Out Management objects in the RILOES organizational unit for 
several iLO devices. 

a. Right-click the RILOES organizational unit found in the 
testdomain.local domain, and select NewHPObject. 

b. Select Device for the type on the Create New HP Management Object 

dialog box. 

c. Enter an appropriate name in the Name field of the dialog box. In this 
example, the DNS host name of the iLO device, rib-email-server, will be 
used as the name of the Lights-Out Management object, and the surname 
will be RILOEII. 

d. Enter and confirm a password in the Device LDAP Password and 
Confirm fields. The device will use this password to authenticate to the 
directory, and should be unique to the device. This password is the 
password that is used in the Directory Settings screen of the iLO. 
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e. Click OK. 
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Use the HP provided Active Directory Users and Computers snap-ins to 
create HP Role objects in the Roles organizational unit. 

a. Right-click the Roles organizational unit, select New then Object. 

b. Select Role for the type field in the Create New HP Management 
Object dialog box. 

c. Enter an appropriate name in the Name field of the New HP 
Management Object dialog box. In this example, the role will contain 
users trusted for remote server administration and will be called 
remote Admins. Click OK. 

d. Repeat the process, creating a role for remote server monitors called 
remoteMonitors. 



4. Use the HP provided Active Directory Users and Computers snap-ins to 
assign the roles rights, and associate the roles with users and devices. 
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b. 



Right-click the remoteAdmins role in the Roles organizational unit in 
the testdomain.local domain, and select Properties. 

Select the HP Devices tab, then click Add. 

Using the Select Users dialog box, select the Lights-Out Management 
object created in step 2, rib-email-server in folder 
testdomain.local/RILOES. Click OK to close the dialog, then click 
Apply to save the list. 
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d. Add users to the role. Click the Members tab, and add users using the 
Add button and the Select Users dialog box. 
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The devices and users are now associated. Use the Lights Out Management 
tab to set the rights for the role. All users and groups within a role will have 
the rights assigned to the role on all of the iLO devices managed by the role. 
In this example, the users in the remoteAdmins role will be given full access 
to the iLO functionality. Select the boxes next to each right, and then click 
Apply. Click OK to close the property sheet. 

Using the same procedure as in step 4, edit the properties of the 
remoteMonitors role, add the rib-email-server device to the Managed 
Devices list on the HP Devices tab, and add users to the remoteMonitors role 
using the Members tab. Then, on the Lights Out Management tab, select 
the box next to the Login. Click Apply and OK. Members of the 
remoteMonitors role will be able to authenticate and view the server status. 
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User rights to any Integrated Lights-Out device are calculated as the sum of all 
the rights assigned by all the roles in which the user is a member, and in which 
the Integrated Lights- Out device is a Managed Device. Following the preceding 
examples, if a user is in both the remoteAdmins and remoteMonitors roles, they 
will have all the rights, because the remoteAdmins role has those rights. 

To configure a Integrated Lights-Out device and associate it with a Lights-Out 
Management object used in this example, use settings similar to the following on 
the Directory Settings screen. 

RIB Object DN = cn=rib-email- 

server, ou=RILOES, dc=testdomain, dc=local 

Directory User Context 1 = 

cn=Users, dc=testdomain, dc=local 

For example, to gain access, user Mel Moore, with the unique ID MooreM, 
located in the users organizational unit within the testdomain.local domain, who 
is also a member of one of the remoteAdmins or remoteMonitors roles, would be 
allowed to log in to the iLO. They would type testdomain\moorem, or 
mooremgtestdomain . local , or Mel Moore, in the Login Name field 
of the iLO login screen, and use their Active Directory password in the 
Password field of that screen. 

Directory Services Objects for Active Directory 

One of the keys to directory-based management is proper virtualization of the 
managed devices in the directory service. This virtualization allows the 
administrator to build relationships between the managed device and user or 
groups already contained within the directory service. User management of a 
Integrated Lights-Out requires three basic objects in the directory service: 

• Lights-Out Management object 

• Role object 

• User objects 

Each object represents a device, user, or relationship that is required for 
directory-based management. 
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NOTE: After the snap-ins are installed, ConsoleOne and MMC must be 
restarted to show the new entries. 

After the snap-in is installed, Integrated Lights-Out objects and Integrated 
Lights-Out roles can be created in the directory. Using the Users and Computers 
tool, the user will: 

• Create the Integrated Lights-Out and role objects. 

• Add users to the role objects. 

• Set the rights and restrictions of the role objects. 

Active Directory Snap-Ins 

The following sections discuss the additional management options available 
within Active Directory Users and Computers after the HP snap-ins have been 
installed. 
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HP Devices 

The HP Devices tab is used to add the HP devices to be managed within a role. 
Clicking Add enables you to browse to a specific HP device and add it to the list 
of member devices. Clicking Remove enables you to browse to a specific HP 
device and remove it from the list of member devices. 
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Members 

After user objects are created, the Members tab enables you to manage the users 
within the role. Clicking Add enables you to browse to the specific user you 
want to add. Highlighting an existing user and clicking Remove removes the user 
from the list of valid members. 
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Role Restrictions 



The Role Restrictions subtab allows you to set login restrictions for the role. 
These restrictions include: 
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• Time Restrictions 

• IP Network Address Restrictions 
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Time Restrictions 



You can manage the hours available for logon by members of the role by 
clicking Effective Hours in the Role Restrictions tab. In the Logon Hours pop- 
up window, you can select the times available for logon for each day of the week 
in half-hour increments. You can change a single square by clicking it, or you 
can change a section of squares by clicking and holding the mouse button, 
dragging the cursor across the squares to be changed, and releasing the mouse 
button. The default setting is to allow access at all times. 
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Enforced Client IP Address or DNS Name Access 

Access can be granted or denied to an IP address, IP address range, or DNS 
names. 

1. In the By Default drop-down menu, select whether to Grant or Deny access 
from all addresses except the specified IP addresses, IP address ranges, and 
DNS names. 

2. Select the addresses to be added, select the type of restriction, and click Add. 

3. In the new restriction popup window, enter the information and click OK. 
The new restriction popup window displays. 

NOTE: The DNS Name option allows you to restrict access based on a 
single DNS name or a subdomain, entered in the form of 
host.company.com or *. domain. company. com. 

4. Click OK to save the changes. 
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5. To remove any of the entries, highlight the entry in the display list and click 
Remove. 
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Active Directory Lights-Out Management 

After a role is created, rights for the role can be selected. Users and group objects 
can now be made members of the role, giving the users or group of users the 
rights granted by the role. Rights are managed on the Lights Out Management 
tab. 
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The available rights are: 

• Login — This option controls whether users can log in to the associated 
devices. 
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• Remote Console — This option enables the user access to the Remote 
Console. 

• Virtual Media — This option enables the user access to the iLO virtual media 
functionality. 

• Server Reset and Power — This option enables the user access to the iLO 
Virtual Power button to remotely reset the server or power it down. 

• Administer Local User Accounts — This option enables the user to 
administer accounts. The user can modify their account settings, modify 
other user account settings, add users, and delete users. 

• Administer Local Device Settings — This option enables the user to 
configure the iLO management processor settings. These settings include the 
options available on the Global Settings, Network Settings, SNMP 
Settings, and Directory Settings screens of the iLO Web browser. 

Directory Services for eDirectory 

The following sections provide installation prerequisites, preparation, and a 
working example of Directory Services for eDirectory. 

eDirectory Installation Prerequisites 

Directory Services for iLO uses LDAP over SSL to communicate with the 
directory servers. The iLO software is designed to install in an eDirectory version 
8.6. 1 (and above) tree. HP does not recommend installing this product if you 
have eDirectory servers with a version less than eDirectory 8.6.1. Before 
installing snap-ins and schema extensions for eDirectory, you should read and 
have available the following technical information documents, available at 
Novell Support ( http://support.novell.com ). 

IMPORTANT: Installing Directory Services for Integrated Lights-Out 
requires extending the eDirectory schema. Extending the schema must 
be completed by a Schema Administrator. 

• TID 1 006659 1 Novell eDirectory 8. 6 NDS compatibility 

• TID 10057565 Unknown objects in a mixed environment 

• TID 10059954 How to test whether LDAP is working correctly 
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• TID 10023209 How to configure LDAP for SSL (secure) connections 

• TID 1 00750 1 0 How to test LDAP authentication 

Snap-in Installation and Initialization for eDirectory 

1. Run the snap-in installation application to install the snap-ins. 

2. Configure the directory service to have the appropriate objects and 
relationships for iLO management. 

a. Use the management snap-ins from HP to create iLO, Policy, Admin, 
and User Role objects. 

b. Use the management snap-ins from HP to build associations between the 
iLO object, the policy object, and the role object. 

c. Point the iLO object to the Admin and User role objects (Admin and 
User roles will automatically point back to the iLO object). 

NOTE: For more information on Integrated Lights-Out objects, see 
"Directory Services Objects". 

At a minimum, you must create: 

• One Role object that will contain one or more users and one or more iLO 
objects. 

• One iLO object corresponding to each iLO management processor that will 
be using the directory. 

NOTE: After the snap-ins are installed, ConsoleOne and MMC must be 
restarted to show the new entries. 

Example: Creating and Configuring Directory Objects for Use with iLO in 
eDirectory 

The following example shows how to set up roles and HP devices in a company 
called samplecorp, which consist of two regions, regionl and region2. 



124 Integrated Lights-Out User Guide 



Assume samplecorp has an enterprise directory arranged according to the 
following screen. 
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Begin by creating organizational units in each region, which will contain the 
Lights-Out Management devices and roles specific to that region. In this 
example, two organizational units are created, called roles and hp devices, in 
each organizational unit, regionl and region2. 

Use the HP provided ConsoleOne snap-ins to create Lights-Out Management 
objects in the hp devices organizational unit for several iLO devices. 

a. Right-click the hp devices organizational unit found in the regionl 
organizational unit, and select New then Object. 

b. Select hpqTarget from the list of classes and click OK. 

c. Enter an appropriate name and surname in the New hpqTarget dialog 
box. In this example, the DNS host name of the iLO device, rib-email- 
server will be used as the name of the Lights-Out Management object, 
and the surname will be RILOEII. Click OK. 
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d. The Select Object Subtype dialog box is displayed. Select Lights Out 
Management Device from the list, and click OK. 

e. Repeat the process for several more iLO devices with DNS names rib- 
nntp-server and rib-file-server-users 1 in hp devices under regionl, and 
rib-file-server-users2 and rib -app- server in hp devices under region2. 
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3. Use the HP provided ConsoleOne snap-ins to create HP Role objects in the 
roles organizational units. 

a. Right-click the roles organizational unit found in the regionl 
organizational unit, and select New then Object. 

b. Select hpqRole from the list of classes and click OK. 

c. Enter an appropriate name in the New hpqRole dialog box. In this 
example, the role will contain users trusted for remote server 
administration and will be named remote Admins. Click OK. 
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d. The Select Object Subtype dialog box is displayed. Because this role 
will be managing the rights to Lights-Out Management devices, select 
Lights Out Management Devices from the list, and click OK. 

e. Repeat the process, creating a role for remote server monitors, named 
remoteMonitors, in roles in regionl, and a remoteAdmins and a 
remoteMonitors role in roles in region!. 

Use the HP provided ConsoleOne snap-ins to assign rights to the role and 
associate the roles with users and devices. 

a. Right-click on the remoteAdmins role in the roles organizational unit in 
the regionl organizational unit, and select Properties. 

b. Select the Role Managed Devices subtab of the HP Management tab, 
and click Add. 
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c. Using the Select Objects dialog box, browse to the hp devices 
organizational unit in the regionl organizational unit. Select the three 
Lights-Out Management objects created in step 2. Click OK, then click 
Apply. 

d. Next, add users to the role. Click the Members tab, and add users using 
the Add button and the Select Object dialog box. 

e. The devices and users are now associated. Use the Lights Out 
Management Device Rights subtab of the HP Management tab to set 

the rights for the role. All users within a role will have the rights 
assigned to the role on all of the iLO devices managed by the role. In this 
example, the users in the remoteAdmins role will be given full access to 
the iLO functionality. Select the boxes next to each right, and click 
Apply. Click Close to close the property sheet. 
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5. Using the same procedure as in step 4, edit the properties of the 
remoteMonitors role: 



128 Integrated Lights-Out User Guide 



a. Add the three iLO devices within hp devices under regionl to the 
Managed Devices list on the Role Managed Devices subtab of the 
HP Management tab. 

b. Add users to the remoteMonitors role using the Members tab. 

c. Then, using the Lights Out Management Device Rights subtab of the 
HP Management tab, select the check box next to Login, and click 
Apply and Close. Members of the remoteMonitors role will be able to 
authenticate and view the server status. 

User rights to any Integrated Lights-Out device are calculated as the sum of all 
the rights assigned by all the roles in which the user is a member, and in which 
the Integrated Lights- Out device is a Managed Device. Following the preceding 
examples, if a user is in both the remoteAdmins and remoteMonitors roles, they 
will have all the rights, because the remoteAdmins role has those rights. 

To configure a Integrated Lights-Out device and associate it with a Lights-Out 
Management object used in this example, use settings similar to the following on 
the Directory Settings screen. 

NOTE: Commas, not periods, are used in LDAP distinguished names 
to separate each component. 

RIB Object DN = cn=rib-email-server , ou=hp 
devices, ou=regionl, o=samplecorp 

Directory User Context 1 = ou=users , o=samplecorp 

For example, user CSmith, located in the users organizational unit within the 
samplecorp organization, who is also a member of one of the remoteAdmins or 
remoteMonitors roles, would be allowed to log in to the iLO. They would type 
c smith (case insensitive) in the Login Name field of the iLO login screen and 
use their eDirectory password in the Password field of that screen to gain access. 

Directory Services Objects for eDirectory 

One of the keys to directory-based management is proper virtualization of the 
managed devices in the directory service. This virtualization allows the 
administrator to build relationships between the managed device and user or 
groups already contained within the directory service. User management of a 
Integrated Lights-Out requires three basic objects in the directory service: 

• Lights-Out Management object 
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• Role object 

• User objects 

Each object represents a device, user, or relationship that is required for 
directory-based management. 

NOTE: After the snap-ins are installed, ConsoleOne and MMC must be 
restarted to show the new entries. 

After the snap-in is installed, Integrated Lights-Out objects and Integrated 
Lights-Out roles can be created in the directory. Using the Users and Computers 
tool, the user will: 

• Create the Integrated Lights-Out and role objects. 

• Add users to the role objects. 

• Set the rights and restrictions of the role objects. 
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Role Managed Devices 



The Role Managed Devices subtab under the HP Management tab is used to 
add the HP devices to be managed within a role. Clicking Add allows you to 
browse to the specific HP device and add it as a managed device. 
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Members 



After user objects are created, the Members tab allows you to manage the users 
within the role. Clicking Add allows you to browse to the specific user you want 
to add. Highlighting an existing user and clicking Delete removes the user from 
the list of valid members. 
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Role Restrictions 

The Role Restrictions subtab allows you to set login restrictions for the role. 
These restrictions include: 

• Time Restrictions 

• IP Network Address Restrictions 
- IP/Mask 
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- IP Range 
• DNS Name 
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Time Restrictions 

You can manage the hours available for logon by members of the role by using 
the time grid displayed in the Role Restrictions subtab. You can select the times 
available for logon for each day of the week in half-hour increments. You can 
change a single square by clicking it, or a section of squares by clicking and 
holding the mouse button, dragging the cursor across the squares to be changed, 
and releasing the mouse button. The default setting is to allow access at all times. 

Enforced Client IP Address or DNS Name Access 

Access can be granted or denied to an IP address, IP address range, or DNS 
names. 
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1. In the By Default drop-down menu, select whether to Allow or Deny access 
from all addresses except the specified IP addresses, IP address ranges, and 
DNS names. 

2. Select the addresses to be added, select the type of restriction, and click Add. 

3. In the Add New Restriction popup window, enter the information and click 
OK. The Add New Restriction popup for the IP/Mask option is shown. 

NOTE: The DNS Name option allows you to restrict access based on a 
single DNS name or a subdomain, entered in the form of 
host.company.com or *. domain. company. com. 

4. Click Apply to save the changes. 

To remove any of the entries, highlight the entry in the display field and click 
Delete. 
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Lights-Out Management 



After a role is created, rights for the role can be selected. Users and group objects 
can now be made members of the role, giving the users or group of users the 
rights granted by the role. Rights are managed on the 

Lights Out Management Device Rights subtab of the HP Management tab. 
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The available rights are: 

• Login — This option controls whether users can log in to the associated 
devices. 

• Remote Console — This option enables the user access to the Remote 
Console. 

• Virtual Media — This option enables the user access to the iLO virtual media 
functionality. 
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• Server Reset and Power — This option enables the user access to the iLO 
Virtual Power button to remotely reset the server or power it down. 

• Administer Local User Accounts — This option enables the user to 
administer accounts. The user can modify their account settings, modify 
other user account settings, add users, and delete users. 

• Administer Local Device Settings — This option enables the user to 
configure the iLO management processor settings. These settings include the 
options available on the Global Settings, Network Settings, SNMP 
Settings, and Directory Settings screens of the iLO Web browser. 



Configuring Directory Settings 
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The Directory Settings screen contains the following settings options: 
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• Directory Authentication — This option designates whether a directory 
server is used to authenticate a user login. By default, this setting is 
Disabled. 

• Local User Accounts — This options enables a user to log in using a local 
user account instead of a directory account. By default, this setting is 
Enabled. 

• Directory Server Address — This option designates the IP address or DNS 
Name of the directory server or the name of the domain. This setting is 
required if you are using directory services for user authentication. HP 
recommends using a DNS name or multi-host DNS name. If an IP address is 
used, the directory will not be available if that server is down. 

• Directory Server LDAP Port — This option designates the port used for 
LDAP communications. The default setting is the secure LDAP port 636. If 
you change the LDAP port, it must be an LDAP over SSL port. 

• LOM Object Distinguished Name — This option specifies the full 
distinguished name of the Lights-Out Device object in the directory service. 
For example, CN=RILOE20BJECT,CN=Users,DC=HP,DC=com. 
Distinguished names are limited to 256 characters. 

• LOM Object Password — This option specifies the password the Lights-Out 
device object will use to login to its corresponding object in the directory. 
The password is used by the iLO to communicate with the directory. It is not 
necessary if the directory will only be used for user authentication and 
access. Passwords are limited to 39 characters. 

NOTE: At this time, the LOM Object Password field is not used. This 
field is to provide forward compatibility with future firmware releases. 

• Directory User Context — This option specifies search contexts when 
authenticating a user. These settings point to areas in the directory service 
where users are located so the user does not have to enter the complete tree 
structure when logging in. For example, CN=Users,DC=HP,DC=com. 
Directory User Contexts are limited to 128 characters each. 

Any changes to the screen are completed by clicking Apply Settings. Test 
Settings enables you to test the communication between the directory server and 
the iLO board. 
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Directory Tests 



To validate current directory settings for iLO, click the Test Settings button on 
the Directory Settings page. The Directory Tests page will display. 
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The test page displays the results of a series of simple tests designed to validate 
the current directory settings. Additionally, it includes a test log that shows test 
results as well as any problems that have been detected. After your directory 
settings are configured correctly, you do not need to re-run these tests. The 
Directory Tests screen does not require the user to be logged-in as a directory 
user. 

To verify your directory settings, enter the distinguished name and password of a 
directory administrator. A good choice would be the same credentials used when 
creating the iLO objects in the directory. These credentials are not stored by iLO. 
They are used to verify the iLO object and user search contexts. 

Also enter a test user name and password. Typically, this would be an account 
intended to access the iLO being tested. It can be the same account as the 
directory administrator, however the tests will be unable to verify user 
authentication with a "superuser" account. These credentials are not stored by 
iLO. 

After pressing the Start Test button, several tests begin in the background, 
starting with a network ping of the directory user through establishing an SSL 
connection to the server and evaluating user privileges as they would be 
evaluated during a normal login. 

While the tests are running, the page periodically refreshes. At any time during 
test execution, you can stop the tests or manually refresh the page. 

Consult the help link on the page for test details and actions in the event of 
trouble. 

User Login to iLO 

The iLO login page Login Name field accepts all of the following: 

• Directory users 

• LDAP Fully Distinguished Names 

Example: CN=John Simth,CN=Users,DC=HP,DC=COM, or @HP.com 
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NOTE: The short form of the login name by itself does not tell the 
directory which domain you are trying to access. You must provide the 
domain name or use the LDAP distinguished name of your account. 

• DOMAIN\user name form (Active Directory Only) 
Example: HP\j smith 

• username@ domain form (Active Directory Only) 

Example: jsmith@hp.com 

NOTE: Directory users specified using the @ searchable form may be 
located in one of three searchable contexts, which are configured within 
Directory Settings. 

• User name form 
Example: John Smith 

NOTE: Directory users specified using the user name form may be 
located in one of three searchable contexts, which are configured within 
Directory Settings. 

• Local users — Login-ID 

NOTE: On the iLO login page, the maximum length of the Login Name 
is 39 characters for local users. For Directory Services users, the 
maximum length of the Login Name is 256 characters. 

The local user database is retained. The customer can decide not to use 
directories, to use a combination of directories and local accounts, or use 
directories exclusively for authentication. 

NOTE: When connected through the Diagnostics Port, the directory 
server is not available. You can log in using a Local account only. 
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Group Administration and Integrated Lights- 
Out Scripting 

In This Section 

Features of the Lights-Out Configuration Utility 141 

Group Administration Using the Lights-Out Configuration Utility and Insight Manager 7 142 
Batch Processing Using the Lights-Out Configuration Utility 145 

Features of the Lights-Out Configuration Utility 

Firmware version 1. 10 added support for XML-based scripted configuration of 
iLO. User Administration, Global Settings, Network Settings, SNMP/Insight 
Manager Settings, Upgrade iLO Firmware, Licensing, and ProLiant BL p-Class 
Rack Settings may be configured through iLO scripting. 

The scripting utility that can be used for iLO is the Lights-Out Configuration 
Utility (CPQLOCFG.EXE), which is a Windows-based utility that connects to 
iLO using a secure connection over the network. This utility may be downloaded 
from the HP website ( http ://w w w . hp. com/server s/li ghts-out ) . 

The CPQLOCFG utility may be launched from Insight Manager 7 for Group 
Administration or used independently for a command prompt for batch 
processing. 

NOTE: Version 2.2 of CPQLOCFG.EXE is required to configure the 
iLO Directory Settings XML script. 

The Lights-Out Configuration Utility allows you to perform the following 
functions: 

• Add, modify, or delete a user. 

• Obtain individual or all users' configuration information. 

• Modify network settings. 



• Modify global settings. 
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• Modify directory settings. 

• Clear the iLO Event Log. 

• Obtain the firmware version of the iLO. 

• Update the iLO firmware. 

• Configure Remote Console hot key settings. 

• Obtain and set Virtual Power Button status. 

• Obtain the server power status. 

• Reset the server. 

Group Administration Using the Lights-Out 
Configuration Utility and Insight Manager 7 

After the firmware has been updated, the IT administrator can manage multiple 
iLO processors through Insight Manager 7. The four components of Group 
Administration are RIBCL, the Lights-Out Configuration Utility, Query 
Definition in Insight Manager 7, and Application Launch. 

Insight Manager 7 discovers the iLO devices as management processors. Insight 
Manager 7 uses the Lights-Out Configuration Utility to send an RIBCL file to a 
group of iLO processors to manage the user accounts for those iLO processors. 
The iLO processors then perform the action designated by the RIBCL file and 
send a response to the log file. 

Lights-Out Configuration Utility 

The Lights-Out Configuration Utility is used to execute RIBCL scripts on the 
iLO boards. The executable file for the utility is CPQLOCFG.EXE. You can 
download this utility from the HP website ( http://www.hp.com/servers/lights- 
out). 

The Lights-Out Configuration Utility must reside on the same server as Insight 
Manager 7. The Lights-Out Configuration Utility generates two types of error 
messages: runtime and syntax. A runtime error occurs when an invalid action is 
requested. 
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NOTE: Runtime errors are logged to the following directory: 
C:\PROGRAM FILESMNSIGHT MANAGER 7 

A syntax error occurs when an invalid XML tag is encountered. When a syntax 
error occurs, the Lights-Out Configuration Utility stops running and logs the 
error in the runtime script and output log file. 

NOTE: Syntax errors take the format of "Syntax error: expected 'x' but 
found y " as shown in the following example: Syntax error: 
expected USER_LOGIN=user login but found 
USER_NAME=username 

Refer to the RIBCL section ("Remote Insight Command Language" on page 159) 
for a complete listing of errors. 



Query Definition in Insight Manager 7 

To group all of the iLO boards, log in to Insight Manager 7 and create a query. 

To create the query: 

1 . Log in to Insight Manager 7. 

2. Click Device in the navigation bar on the top left side of the screen. 

3. Click Queries, then click Device. 

4. Locate the Personal Queries section in the main window. If a query 
category exists, proceed to step 7; otherwise proceed to step 5. 

5. Click New to create a new category. For this example, the name of the new 
category is RIB Cards. Click Create Category. 

6. Click Queries to return to the Device Queries screen. 

7. Click New, within the appropriate query category, to open the Create/Edit 
Query screen where the query definition is created. 

8. Define the query name, for example "Mgmt Processors." 

9. Select Device(s) of type and then select Devices by product name. In the 
criteria windows, set the product name to Integrated Lights-Out. 

10. Click type in the Query Description field. A popup window opens where 
you define the device type. 
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11. Select Management Processor and click OK. 

12. Click Save to return to the Device Query screen. 

13. Find the newly created query in the appropriate query category and click the 
query name to run it for verification. 

14. Click Overview on the left side of the screen after the verification has taken 
place. The initial page for devices opens. 

Application Launch Using Insight Manager 7 

The application launch combines the RIBCL, the Lights-Out Configuration 
Utility, and the query definition to manage the Group Administration for the iLO 
management processors. 

To create an Application Launch task: 

1 . Click Device in the navigation bar on the top left side of the screen. 

2. Click Tasks to open the Tasks screen. 

3. Click New Control Task. A drop-down menu is displayed. 

4. Click Application Launch from the drop-down menu to open the 
Create/Edit Task screen. 

5. Enter the full path and name for the Lights-Out Configuration Utility in the 
area provided. If the CPQLOCFG.EXE file is in the root directory of the C:\ 
drive, then the path is: C:\cpqlocfg.exe. 

6. Enter the parameters in the area provided. Insight Manager 7 requires the 
following parameters for the Lights-Out Configuration Utility: 

-F is the full path of the RIBCL file name. 

-V is the verbose message (optional). 

If the RIBCL file is in the root directory of on the C:\ drive, then the 
parameters are: 

-F C:\MANAGEUSERS.xml -V 
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NOTE: Insight Manager 7 does not allow the -l parameter to 
designate an output log file. A default log file named with the DNS name 
or the IP address is created in the same directory where CPQLOCFG is 
launched. 

7. Click Next. A screen is displayed with options for naming the task, defining 
the query association, and setting a schedule for the task. 

8. Enter a task name in the Enter a name for this task field. 

9. Select the query that had been created earlier, for example "Mgmt 
Processors." 

10. Click Schedule to define when the Application Launch task will run. A 
schedule configuration window is displayed. 

11. Click OK to set the schedule. 

NOTE: The default schedule for a control task is Now. 

12. Click Finish to save the Application Launch task. 

13. Click the Execute a Task icon (the green triangle) to execute the Group 
Administration. 

NOTE: Insight Manager 7 does not allow the -l parameter to 
designate an output log file. A default log file named with the DNS name 
or the IP address is created in the same directory where CPQLOCFG is 
launched. 

NOTE: Syntax errors take the format of "Syntax error: expected 'x' but 
found 'y' " as shown in the following example: Syntax error: 
expected USER_LOGIN=user login but found 
USER NAME=username 



Batch Processing Using the Lights-Out 
Configuration Utility 

Group Administration can also be delivered to iLO through batch processing. 
The components used by batch processing are the Lights-Out Configuration 
Utility, an RIBCL file, and a batch file. 
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Lights-Out Configuration Utility Parameters 

The Lights-Out Configuration Utility is used to execute the RIBCL ("Remote 
Insight Command Language" on page 159) on the Integrated Lights-Out. The 
executable for the Lights-Out Configuration Utility is CPQLOCFG.EXE. This 
utility can be downloaded from the HP website 
( http ://w w w .hp . com/servers/li ghts-out ) . 

The following example shows a sample batch file that can be used to perform the 
Group Administration for the Integrated Lights-Out: 

REM Updating the Integrated Lights-Out board 
REM Repeat line for each board to be updated 
REM 

CPQLOCFG -S RIB1 -F C : \ . . . SCRI PT . XML -L RIB1L0G.TXT -V 
CPQLOCFG -S RIB2 -F C : \ ... SCRI PT . XML -L RIB2L0G.TXT -V 
CPQLOCFG -S RIB3 -F C : \ ... SCRI PT . XML -L RIB3L0G.TXT -V 



CPQLOCFG -S RIBN -F C : \ ... SCRI PT . XML -L LOGFILE.TXT -V 

• -Sis the switch that determines the Integrated Lights-Out that is to be 
updated. This switch is either the DNS name or IP address of the target 
server. 

Do not use this switch if you are launching from iLO. Insight Manager 7 will 
provide the address of the Insight Manager 7 when CPQLOCFG.EXE is 
launched. 

• -F is the switch that gives the full path location and name of the RIBCL file 
that contains the actions to be performed on the board. 

• -L is the switch that defines where the log file will be generated and what 
the file name will be. If this switch is omitted, a default log file with the DNS 
name or the IP address is created in the same directory used to launch 
CPQLOCFG. 

Do not use this switch if launching from Insight Manager 7. 

• -V is the optional switch that turns on the verbose message return. The 
resulting log file contains all commands sent to the Remote Insight board, all 
responses from the Remote Insight board, and any errors. By default, only 
errors and responses from GET commands are logged without this switch. 
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• -C causes CPQLOCFG to check the syntax of the XML, but not open a 
connection to the Remote Insight board. 

The switches -L and -V may or may not be set depending on the 
IT administrator's preferences. 

If it is not in the same directory, be sure that the Lights-Out Configuration Utility 
is in a directory referenced by the PATH environment variable. Any log files 
generated are placed in the same directory as the Lights-Out Configuration 
Utility executable. 

NOTE: The Lights-Out Configuration Utility overwrites any existing log 
files. 
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Lights-Out DOS Utility 

In This Section 



Overview of the Lights-Out DOS Utility 149 

CPQLODOS General Guidelines 150 

Command Line Arguments 150 

CPQLODOS 152 

MOD_NETWORK_SETTINGS 152 

MOD_DIR_CONFIG 155 

ADD_USER 157 



Overview of the Lights-Out DOS Utility 

CPQLODOS is a command line utility that is a part of the SmartStart Scripting 
Toolkit. It is intended to be an initial configuration program to set up only those 
essential iLO settings necessary to allow one of the other full-featured 
configuration methods. Because of this limited usage model, it processes only a 
small subset of the iLO scripting language. 

NOTE: CPQLODOS is a DOS-only tool that requires MS-DOS® 6.0 or 
higher. Lights-Out scripting is not supported on Linux operating systems 
or when using the Novell NetWare Client. 

CPQLODOS enables you to configure features exposed through F8 startup or the 
graphical user interface. This utility is not intended for continued administration. 
The RIBCL should be used to administer user rights and network functionality 
on the server. 



NOTE: This utility is primarily a reconfiguration tool. Any existing 
configuration will be removed. 
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CPQLODOS General Guidelines 

In this section, all of the commands are grouped by functionality. All commands 
that manipulate user information are grouped together. Grouping commands 
allows the firmware to view the data to be manipulated as a block of information, 
similar to a text document, allowing for multithreaded access to the different 
kinds of information. 

An opening command opens a database. The database remains open until the 
matching closing command is sent. All changes made within a single command 
block are applied simultaneously when the database is closed. Any errors within 
the block cause the enclosed changes to be discarded. 

An example of an opening command and its matching closing command are as 
follows: 

<USER_INFO> 
</USER_INFO> 

In all examples, the opening and closing commands are displayed. 

Command Line Arguments 

The following table lists the arguments recognized by CPQLODOS. 
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Command Line Argument 


Description 


/HELP or/? 


These arguments display simple help messages. 


/RESET_RILOE 


This argument resets the iLO management processor to 
default factory settings. 


/DETECT 


This argument detects the iLO management processor on 
the target server. 


/RESET_RILOE 


This argument resets the iLO management processor. 


/VIRT_FLOPPY 


This argument ignores the virtual floppy inserted error. 


/MIN_FW-xxx 


This argument enables you to set the minimum firmware 
version on which the iLO management processor runs. 


/GET_STATUS 


This argument returns the status of the iLO management 
processor. 


/GET_HOSTINFO 


This argument retrieves and displays the current host server 
information on the iLO management processor and displays 
the server name and number. 


/GET_USERINFO 


This argument obtains the current users stored in the iLO 
management processor board and displays the names, login 
names, and security mask information. 


/GET_NICCONFIG 


This argument retrieves and displays the NIC settings stored 
in the iLO management processor. 


/GET_DHCPCONFIG 


This argument retrieves and displays the DHCP settings 
stored in the iLO management processor. 


/GET_DIRCONFIG 


This argument retrieves and displays the DIRECTORY 
settings in the iLO management processor. 


/WRITE_XML=A:\DL360.RLO 


This argument reads the settings on the iLO management 
processor and writes the NIC, DHCP, DIRECTORY, and 
user settings into an XML hardware configuration script file. 


/LOAD_XML=A:\DL360.RLO 


This argument loads the script file and applies its changes to 
the current configuration on the iLO management processor. 


/VERIFY_XML 


This argument verifies the accuracy of the script file and 
generates an error message for any incorrect data. 
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CPQLODOS processes the <CPQLODOS>, the 

<MOD_NETWORK_SETTINGS>, the <MOD_DIR_CONFIG> , and the 
<ADD_USER> XML scripting language blocks. Only those parameters 
referenced in the following sections are supported. 



CPQLODOS 

This command is used to start and end a CPQLODOS session. It can be used 
only once, and it must be the first and last statement in an XML script. 

Example: 

<CPQLODOS VERSION="2 . 0"> 
</CPQLODOS> 

CPQLODOS Parameter 

VERSION is a numeric string that indicates the version of CPQLODOS 
necessary to process this script. The VERSION string is compared to the version 
that CPQLODOS can process. An error is returned if the version of CPQLODOS 
and the version of the script do not match. The VERSION parameter can never 
be blank. 



CPQLODOS Runtime Error 



The possible CPQLODOS error messages include Version must not be 
blank . 



MOD_NETWORK_SETTINGS 

This command modifies certain network settings. All of the elements are optional 
and any options not specified will be set to the factory default. 

Example: 

<MOD_NETWORK_SETTINGS> 

<SPEED_AUTOSELECT VALUE = "N"/> 
<NIC SPEED VALUE = "10"/> 
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<FULL_DUPLEX VALUE = "N"/> 
<IP_ADDRESS VALUE = "192 . 168 . 1 . 2 "/> 
<SUBNET_MASK VALUE = "255 . 255 . 255 . 0 " /> 
<GATEWAY_IP_ADDRESS VALUE = "192 . 168 . 1 . 222 "/> 
<DNS_NAME VALUE = "RIBO 0 02A5 6 1 7D3B" /> 
<PRIM_DNS_SERVER value = " 1 92 . 1 68 . 2 . 2 0 0 " /> 
<DOMAIN_NAME VALUE = " riloe . mgmt . net" /> 
<DHCP_ENABLE VALUE = "Y"/> 
<DHCP_GATEWAY VALUE = "Y"/> 
<DHCP_DNS_SERVER VALUE = "Y"/> 
<DHCP_STATIC_ROUTE VALUE = "Y"/> 
<DHCP_WINS_SERVER VALUE = "Y"/> 
<REG_WINS_SERVER VALUE = "Y"/> 
<PRIM_WINS_SERVER VALUE = " 1 92 . 1 6 8 . 2 . 22 0 " /> 
<STATIC_ROUTE_l DEST = "192.168.5.1" GATEWAY = 
"192.168.5.200"/> 

<STATIC_ROUTE_2 DEST = "192.168.5.2" GATEWAY = 
"192.168.5.200"/> 

<STATIC_ROUTE_3 DEST = "192.168.5.3" GATEWAY = 
"192.168.5.200"/> 
</MOD_NETWORK_SETTINGS> 

MOD_NETWORK_SETTINGS Parameters 

SPEED_AUTOSELECT is used to automatically select the transceiver speed. 
The possible values are "Yes" or "No." It is case insensitive. 

FULL_DUPLEX is used to decide if the iLO is to support full-duplex or half- 
duplex mode. It is only applicable if SPEED_AUTO SELECT was set to "No." 
The possible values are "Yes" or "No." It is case insensitive. 

NIC_SPEED is used to set the transceiver speed if SPEED_AUTOSELECT was 
set to "No." The possible values are "10" or "100." Any other values will result in 
a syntax error. 

DHCP_EN AB LE is used to enable DHCP. The possible values are "Yes" or 
"No." It is case insensitive. 

IP_ADDRESS is used to select the IP address for the iLO if DHCP is not 
enabled. If an empty string is entered, the current value is deleted. 
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SUBNET_MASK is used to select the subnet mask for the iLO if DHCP is not 
enabled. If an empty string is entered, the current value is deleted. 

G ATEW A Y_IP_ADDRES S is used to select the default gateway IP address for 
the iLO if DHCP is not enabled. If an empty string is entered, the current value is 
deleted. 

DNS_NAME is used to specify the DNS name for the iLO. If an empty string is 
entered, the current value is deleted. 

DOMAIN_NAME is used to specify the domain name for the network where the 
iLO resides. If an empty string is entered, the current value is deleted. 

DHCP_GATEWAY specifies if the DHCP-assigned gateway address is to be 
used. The possible values are "Yes" or "No." It is case sensitive. This selection is 
only valid if DHCP is enabled. 

DHCP_DNS_SERVER specifies if the DHCP-assigned DNS server is to be used. 
The possible values are "Yes" or "No." It is case sensitive. This selection is only 
valid if DHCP is enabled. 

DHCP_WINS_SERVER specifies if the DHCP-assigned WINS server is to be 
used. The possible values are "Yes" or "No." It is case sensitive. This selection is 
only valid if DHCP is enabled. 

DHCP_STATIC_ROUTE specifies if the DHCP-assigned static routes are to be 
used. The possible values are "Yes" or "No." It is case sensitive. This selection is 
only valid if DHCP is enabled. 

REG_WINS_SERVER specifies if the iLO needs to register with the WINS 
server. The possible values are "Yes" or "No." It is case sensitive. This selection 
is only valid if DHCP is enabled. 

PRIM_DNS_S ERVER specifies the IP address of the primary DNS server. This 
parameter is only relevant if the DHCP-assigned DNS server address feature is 
disabled. If an empty string is entered, the current value is deleted. 

SEC_DNS_SERVER specifies the IP address of the secondary DNS server. This 
parameter is only relevant if the DHCP-assigned DNS server address feature is 
disabled. If an empty string is entered, the current value is deleted. 
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TER_DNS_SERVER specifies the IP address of the tertiary DNS server. This 
parameter is only relevant if the DHCP-assigned DNS server address feature is 
disabled. If an empty string is entered, the current value is deleted. 

PRIM_WINS_SERVER specifies the IP address of the primary WINS server. 
This parameter is only relevant if the DHCP-assigned WINS server address 
feature is disabled. If an empty string is entered, the current value is deleted. 

SEC_WINS_SERVER specifies the IP address of the secondary WINS server. 
This parameter is only relevant if the DHCP-assigned WINS server address 
feature is disabled. If an empty string is entered, the current value is deleted. 

STATIC_ROUTE_l, STATIC_ROUTE_2, and STATIC_ROUTE_3 are used to 
specify the destination and gateway IP addresses of the static routes. The 
following two parameters are used within the static route commands. If an empty 
string is entered, the current value is deleted. 

• DEST specifies the destination IP addresses of the static route. This 
parameter is only relevant if the DHCP-assigned static route feature is 
disabled. If an empty string is entered, the current value is deleted. 

• GATEWAY specifies the gateway IP addresses of the static route. This 
parameter is only relevant if the DHCP-assigned static route feature is 
disabled. If an empty string is entered, the current value is deleted. 

NOTE: The iLO is rebooted to apply the changes after 
M O D_N ETWO R K_S ETT I N G S has been closed. 



MOD_DIR_CONFIG 

This command will modify certain directory services settings. If directory 
services is enabled, then all of the mandatory parameters must be entered for 
successful operation of directory services authentication and authorization. 

Example: 

<MOD_DIR_CONFIG> 

<DIR_AUTHENTICATION_ENABLED VALUE = " YES"/> 
<DIR_LOCAL_USER_ACCT VALUE = "YES"/> 

<DIR_SERVER_ADDRESS VALUE = \ " directory . corp . net " /> 
<DIR SERVER PORT VALUE = "636"/> 
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<DIR_OBJECT_DN VALUE = "CN^ 
DC=RILOEII, DC=HP"/> 
<DIR_OBJECT_PASSWORD VALUE 
<DIR_USER_C0NTEXT_1 VALUE ■ 
DC=HP"/> 

<DIR_USER_C0NTEXT_2 VALUE ■ 
DC=HP"/> 

<DIR_USER_C0NTEXT_3 VALUE ■ 
DC=HP"/> 
</MOD DIR CONFIG> 



RIL0E2-JJ, OU=RILOES, 

= "wingsauce" /> 
"CN=Users, DC=RILOEII, 

"CN=Mgmt, DC=RILOEII, 

"CN=Admins, DC=RILOEII, 



MOD DIR CONFIG Parameters 



DIR_AUTHENTICATION_ENABLED indicates if directory services should be 
used to determine authentication to and authorization for the iLO. The possible 
values are "Y," "Yes," "N," or "No." The default value is "No." This parameter is 
optional. 

DIR_LOCAL_USER_ACCT indicates if the local user accounts should be used 
in addition to using directory services user accounts. The possible values are "Y," 
"Yes," "N," or "No." It is effective only if 

DIR_AUTHENTICATION_ENABLED is set to Yes. The default value is "Yes." 
This parameter is optional. 

DIR_S ERVER_ADDRES S specifies the IP address or DNS name of the 
computer that the iLO will use for directory services operations. The possible 
values are a string or an IP address. This parameter is mandatory if 
DIR_AUTHENTICATION_ENABLED is set to Yes. 

DIR_SERVER_PORT specifies what port number on the directory services 
server that the iLO will use for communication. The possible values are any valid 
numeric IP port number. The default value is 636 and is an optional parameter. 

DIR_OBJECT_DN_VALUE specifies the directory services distinguished name 
of the iLO object in the directory. The possible value is a string that is the 
appropriate distinguished name of the iLO. This parameter is mandatory if 
DIR_AUTHENTICATION_ENABLED is set to Yes. 

DIR_OBJECT_PASSWORD specifies a password for the iLO that is used to 
access iLO objects. This password is currently unused but will be used in a future 
version of the firmware. 
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DIR_USER_CONTEXT_l, DIR_USER_CONTEXT_2, and 
DIR_USER_CONTEXT_3 specify directory service contexts that will be 
searched in the authentication and authorization process. When attempting to 
access a directory service, the user's name is added in front of each context string 
to form the full user name that is authenticated with directory services. The 
possible values are any valid directory service context string. These parameters 
are optional. 

ADD_USER 

This command is used to add a user to the iLO. If there are multiple ADD_USER 
commands in the XML script, CPQLODOS will use only the settings from the 
last command. 

Example: 

<ADD_USER 

USER_NAME 

USERJLOGIN 

PASSWORD = 
</ADD_USER> 

ADD_USER Parameters 

USER_NAME is the actual name of the user to be added. This parameter is case 
sensitive, can be any valid string, and has a maximum length of 39 characters. 
This string is used for display only and must never be blank. 

USER_LOGIN is the name that the user types in to log in to iLO. This parameter 
is case sensitive, can be any valid string, and has a maximum length of 39 
characters. The string must never be blank. 

PASSWORD is the password that will be associated with the user. This 
parameter has a minimum length of 0 characters, a maximum length of 39 
characters, depending on the minimum password length set on the Global 
Settings screen. PASSWORD is an ASCII string that may contain any 
combination of printable characters. The PASSWORD parameter cannot contain 
both single and double quote characters. This parameter is case sensitive. 



= "James Madison" 
= "jmadison" 
"president"> 
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Overview of the Remote Insight Board Command 
Language 



The Remote Insight Board Command Language enables you to write scripts to 
manage user accounts and to configure settings. 

IMPORTANT: Comments should not interrupt a command. If they do, 
an error message will be generated. 



Sample scripts for all iLO commands, described in this section are available for 
download from the HP website ( http://www.hp.com/servers/lights-out ). 



In this section, all of the commands are grouped by functionality. All commands 
that manipulate user information are grouped together. Grouping commands 
allows the firmware to view the data to be manipulated as a block of information, 
similar to a text document, allowing for multithreaded access to the different 
kinds of information. 

An opening command opens a database. The database remains open until the 
matching closing command is sent. All changes made within a single command 
block are applied simultaneously when the database is closed. Any errors within 
the block cause the enclosed changes to be discarded. 

An example of an opening command and its matching closing command are as 
follows: 

<USER INFO 



RIBCL 



Sample Scripts 



RIBCL 



General Guidelines 
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</USER_INFO> 

In all examples, the opening and closing commands are displayed. 

XML Header 

The XML header ensures the connection is an XML connection, not an HTTP 
connection. The XML header is built into the cpqlocfg utility and has the 
following format: 

<?xml version="l . 0"?> 

Data Types 

The three data types that are allowed in the parameter are: 

• String 

• Specific string 

• Boolean string 

String 

A string is any text enclosed in quotes. It can include spaces, numbers, or any 
printable character. A string may start with either a double or single quote and it 
must end with the same type of quote. The string may contain a quote if it is 
different from the string delimiter quotes. 

For example, if a string is started with a double quote, a single quote can be used 
within the string and the string must be closed with a double quote. 

Specific String 

A specific string is one that is required to contain certain characters. In general, 
you have a choice of words that are accepted as correct syntax and all other 
words produce an error. 
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Boolean String 

A Boolean string is a specific string that specifies a "yes" or "no" condition. 
Acceptable Boolean strings are "yes," "y," "no," "n," "true," "t," "false," and "f." 
These strings are not case sensitive. 

Response Definitions 

Every command that is sent to iLO generates a response. The response indicates 
whether the command succeeded or failed. Some commands generate additional 
information. The additional information is displayed in execution sequence, 
provided that no error occurred. 

Example: 

<RESPONSE 

STATUS="0x0001" 

MSG="There has been a severe error." 

/> 

• RESPONSE 

This tag name indicates that iLO is sending a response to the previous 
commands back to the client application to indicate the success or failure of 
the commands that have been sent to iLO. 

• STATUS 

This parameter contains an error number. The number "0x0000" indicates 
that there is no error. 

• MSG 

This element contains a message describing the error that happened. If no 
error occurred, the message "No error" is displayed. 

RIBCL 

This command is used to start and end an RIBCL session. You can use it only 
once to start an RIBCL session, and it must be the first command to display in 
the script. The RIBCL tags are required to mark the beginning and the end of the 
RIBCL document. 
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Example: 

<RIBCL VERSION="2 . 0"> 
</RIBCL> 

RIBCL Parameter 

VERSION is a string that indicates the version of the RIBCL that the client 
application is expecting to use. The VERSION string is compared to the version 
of the RIBCL that is expected, and an error is returned if the string and the 
version do not match. The preferred value for the VERSION parameter is "2.0." 
The VERSION parameter is no longer checked for an exact match; however, this 
parameter can never be blank. 



RIBCL Runtime Errors 



The possible RIBCL error messages include: 



Version must not be blank. 



LOGIN 

The LOGIN command provides the information that is used to authenticate the 
user whose permission level will be used when performing RIBCL actions. The 
specified user must have at least login privilege in order to be validated to 
execute any RIBCL commands. The user privilege is checked against the 
required privilege for a particular command, and an error is returned if the 
privilege level does not match. 

Example: 

<LOGIN USER_LOGIN="username" PASSWORD="password"> 
</LOGIN> 

NOTE: Users without administrative privileges can change their 
password setting. 



164 Integrated Lights-Out User Guide 



LOGIN Parameters 

USER_LOGIN is the name that the user types in to log in to iLO. This parameter 
is case sensitive, can be any valid string, and has a maximum length of 39 
characters. The string must never be blank. 

PASSWORD is the password that will be associated with the user. This 
parameter has a minimum length of 0 characters, a maximum length of 39 
characters, depending on the minimum password length set on the Global 
Settings screen. PASSWORD is an ASCII string that may contain any 
combination of printable characters. The PASSWORD parameter cannot contain 
both single and double quote characters. This parameter is case sensitive. 

LOGIN Runtime Errors 

The possible runtime error messages include: 

• User login name was not found. 

• Password must not be blank. 

• Logged-in user does not have required privilege for this command. 



USERJNFO 

The USERJNFO command may only display within a LOGIN command. When 
the command is parsed, it reads the local user information database into memory 
and prepares to edit it. Only commands that are USERJNFO type commands are 
valid inside the USERJNFO block. The USERJNFO command generates a 
response that indicates to the host application whether the user information was 
successfully read or not. If the user information is open for writing by another 
application, then this call will fail. 

Example: 

<USER_INFO MODE="write"> 
</USER_INFO> 
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USERJNFO Parameter 

MODE is a specific string parameter with a maximum length of 10 characters 
that specifies what you intend to do with the user information. Valid arguments 
are "read" and "write." 

If the parameter is open in write mode, then both reading and writing are enabled 
and other users are unable to open the user information. If it is open in read 
mode, then user data is not modifiable. The argument is not case sensitive. This 
parameter must never be blank. 

USERJNFO Runtime Error 

A possible runtime error message is: Mode parameter must not be 
blank . 

ADD_USER 

The ADD_USER command is used to add a local user. All of the attributes that 
pertain to the user are set using the following parameters. For this command to 
work, the user must not already exist. Use the MOD_USER command to change 
an existing user's information. The ADD_USER command must be displayed 
within a USERJNFO element, and USERJNFO must be in write mode. The 
user must have administrative privilege to add other users. 

<RIBCL VERSION="2 . 0"> 

<LOGIN USER_LOGIN="loginname" PASSWORD="password"> 

<USER_INFO MODE="write"> 

<ADD_USER 

USER_NAME="User" 

USER_LOGIN="username" PASSWORD="password"> 

<ADMIN_PRIV value ="No"/> 

<REMOTE_CONS_PRIV value ="Yes"/> 

<RESET_SERVER_PRIV value ="No"/> 

<VIRTUAL_MEDIA_PRIV value ="No"/> 

<CONFIG_ILO_PRIV value ="No"/> 
</ADD_USER> 
</USER_INFO> 
</LOGIN> 
</RIBCL> 
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ADD_USER Parameters 

USER_NAME is the actual name of the user to be added. This parameter is case 
sensitive, can be any valid string, and has a maximum length of 39 characters. 
This string is used for display only and must never be blank. 

USER_LOGIN is the name that the user types in to log in to iLO. This parameter 
is case sensitive, can be any valid string, and has a maximum length of 39 
characters. The string must never be blank. 

PASSWORD is the password that will be associated with the user. This 
parameter has a minimum length of 0 characters, a maximum length of 39 
characters, depending on the minimum password length set on the Global 
Settings screen. PASSWORD is an ASCII string that may contain any 
combination of printable characters. The PASSWORD parameter cannot contain 
both single and double quote characters. This parameter is case sensitive. 

ADMIN_PRIV is a Boolean parameter that allows the user to administer user 
accounts. The user can modify their account settings, modify other user account 
settings, add users, and delete users. Leaving out this parameter prevents the user 
from adding, deleting, or configuring accounts. 

REMOTE_CONS_PRIV is a Boolean parameter that gives permission for the 
user to access the Remote Console functionality. This parameter is optional, and 
the Boolean string must be set to "Yes" if the user should have Remote Console 
privileges. If this parameter is used, the Boolean string value must never be left 
blank. Leaving out this privilege will deny the user access to any Remote 
Console functionality. 

RESET_SERVER_PRIV is a Boolean parameter that gives the user permission 
to remotely reset the server or power it down. This parameter is optional, and the 
Boolean string must be set to "Yes" if the user is allowed to modify the server 
power. If this parameter is used, the Boolean string value must never be left 
blank. Leaving out this parameter denies the user server reset privileges. 

VIRTU AL_MEDIA_PRIV is a Boolean parameter that gives the user permission 
to access the virtual floppy functionality. This parameter is optional, and the 
Boolean string must be set to "Yes" if the user should have virtual floppy 
privileges. If this parameter is used, the Boolean string value must never be left 
blank. Leaving out this parameter denies the user virtual floppy privileges. 
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CONFIG_ILO_PRIV is a Boolean parameter that allows the user to configure 
iLO settings. This privilege includes network settings, global settings, Insight 
Manager settings, and SNMP settings. This parameter is optional, and the 
Boolean string must be set to "Yes" if the user should be allowed to configure 
iLO. If this parameter is used, the Boolean string value must never be blank. 

NOTE: The following parameters are not applicable to a user's 
priveleges in iLO firmware versions 1 .40 and higher. The parameters 
will parse correctly, but user privileges will not be affected. 

VIEW_LOGS_PRIV is a Boolean parameter that gives the user permission to 
view the iLO system logs. This parameter is optional, and the Boolean string 
must be set to "Yes" if the user should be allowed to view logs. If this parameter 
is used, the Boolean string value must never be blank. 

CLEAR_LOGS_PRIV is a Boolean parameter that gives the user permission to 
clear the event log. This parameter is optional, and the Boolean string must be set 
to "Yes" if the user should be allowed to clear the iLO event log. If this 
parameter is used, the Boolean string value must never be blank. 

EMS_PRIV is a Boolean parameter that gives the user permission to use the 
Windows® Server 2003 EMS service. This parameter is optional, and the 
Boolean string must be set to "Yes" if the user should be allowed to use EMS 
services. If this parameter is used, the Boolean string value must never be blank. 

UPDATE_ILO_PRIV is a Boolean parameter that allows the user to copy a new 
firmware image into the iLO system ROM. This parameter is optional, and the 
Boolean string must be set to "Yes" if the user should be allowed to configure 
iLO. If this parameter is used, the Boolean string value must never be blank. 

CONFIG_RACK_PRIV is a Boolean parameter that gives the user permission to 
configure and manage the server rack resources. This parameter is applicable to 
ProLiant BL p-Class servers only. This parameter is optional, and the Boolean 
string must be set to "Yes" if the user should be allowed to manage or configure 
rack resources. If this parameter is used, the Boolean string value must never be 
blank. 

DIAG_PRIV is a Boolean parameter that gives the user permission to view 
diagnostic information about iLO. This parameter is optional, and the Boolean 
string must be set to "Yes" if the user should have diagnostic privileges. If this 
parameter is used, the Boolean string value must never be blank. 
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ADD_USER Runtime Errors 

The possible ADD_USER error messages include: 

• Login name is too long. Maximum length is 39 characters. 

• Password is too short. Minimum length is 8 characters. 

• Password is too long. Maximum length is 39 characters. 

• User table is full. No room for new user. 

• Cannot add user. The user name already exists. 

• User information is open for read-only access. Write access is required for 
this operation. 

• User name cannot be blank. 

• User login ID cannot be blank. 

• Password must not be blank. 

• Boolean value not specified. 

• User does not have correct privilege for action. 

• Logged-in user does not have required privilege for this command. 

DELETE_USER 

The DELETE_USER command is used to remove an existing local user's 
information. Before this command is used, the USER_INFO command must 
have been issued with the mode set to "write." The user must have administrative 
privilege to delete other user accounts. 

Example: 

<RIBCL VERSI0N="2 . 0"> 

<LOGIN USER_LOGIN="adminname" 

PASSWORD="password"> 

<USER_INFO MODE="write"> 

<DELETE_USER USER_LOGIN="username" /> 

</USER_INFO> 

</LOGIN> 
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</RIBCL> 



DELETE 



USER Parameter 



USER_LOGIN is the login name of the user that you want to delete. The 
USER_LOGIN parameter has a maximum length of 39 characters, can be an 
ASCII string containing any combination of printable characters, and is case 
sensitive. The USER_LOGIN parameter must never be blank. 



• User information is open for read-only access. Write access is required for 
this operation. 

• Cannot delete user information for currently logged in user. 

• User login name was not found. 

• User login name must not be blank. 

• User does not have correct privilege for action. 

• Logged in user does not have required privileges for this command. 



The GET_USER command returns the local user's information, excluding the 
password. The user must have login privilege to execute this command. If the 
user does not have administrative privileges, only the logged user's information 
can be retrieved. 



<RIBCL VERSI0N="2 . 0"> 

<LOGIN USER_LOGIN="adminname" PASSWORD="password"> 

<USER_INFO MODE="read"> 

<GET_USER USER_LOGIN="username"/> 

</USER_INFO> 

</LOGIN> 
</RIBCL> 



DELETE 



USER Runtime Errors 



The possible DELETEJJSER errors include: 



GET USER 



Example: 
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GET_USER Parameter 

USER_LOGIN is the name that the user types in to log in to iLO. This parameter 
is case sensitive, can be any valid string, and has a maximum length of 39 
characters. The string must never be blank. 

The user must have the Administer User Accounts privilege to retrieve other user 
accounts. A user without the administrative privilege can only view their own 
account information. 

GET_USER Runtime Errors 

The possible GET_USER error messages include: 

• User login ID cannot be blank. 

• User login name was not found. 

• Logged-in user does not have required privilege for this command. 

GET_USER Return Messages 

A possible GET_USER return message includes: 

<RESPONSE 

STATUS="0x0000" 
MSG="No Errors" 

/> 

<GET_USER 

USE R_N AME = " Admi n User" 
USER_LOGIN= "username" 
ADMIN_PRIV="N" 
REMOTE_CONS_PRI V= " Y " 
RESET_SERVER_PRIV="N" 
VIRTUAL_MEDIA_PRIV="N" 
CONFIG ILO PRIV value ="No" 
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MOD_USER 

The MOD_USER command is used to modify an existing local user's 
information. You are not required to enter any of the fields except for the first 
one, which specifies which user to modify. If any parameter does not need to be 
modified, you should omit it. MOD_USER must be displayed within a 
USER_INFO parameter, and USER_INFO must be in write mode. The user login 
name used to gain access cannot be modified. 

To modify user names, user passwords, or user rights, the user must be logged in 
with the administrative privilege. A user without administrative privilege can 
only modify their account password. 

Example: 

<RIBCL VERSI0N="2 . 0"> 

<LOGIN USER_LOGIN="adminname" PASSWORD="password"> 
<USER_INFO MODE="write"> 
<MOD_USER USER_LOGIN="loginname"> 

<USER_NAME value="username" /> 

<PASSWORD value="password"/> 

<ADMIN_PRIV value="No"/> 

<REMOTE_CONS_PRIV value=" Yes " /> 

<RESET_SERVER_PRIV value="No"/> 

<CONFIG_ILO_PRIV value=" Yes " /> 

<VIRTUAL_MEDIA_PRIV value="No"/> 
</MOD_USER> 
</USER_INFO> 
</LOGIN> 
</RIBCL> 

MOD_USER Parameters 

USER_LOGIN is the name that the user types in to log in to iLO. This parameter 
is case sensitive, can be any valid string, and has a maximum length of 39 
characters. The string must never be blank. 
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NOTE: If the following parameters are not specified, then the 
parameter value for the specified user is not changed. 

USER_NAME is the actual name of the user to be added. This parameter is case 
sensitive, can be any valid string, and has a maximum length of 39 characters. 
This string is used for display only and must never be blank. 

PASSWORD is the password that will be associated with the user. This 
parameter has a minimum length of 0 characters, a maximum length of 39 
characters, depending on the minimum password length set on the Global 
Settings screen. PASSWORD is an ASCII string that may contain any 
combination of printable characters. The PASSWORD parameter cannot contain 
both single and double quote characters. This parameter is case sensitive. 

ADMIN_PRIV is a Boolean parameter that allows the user to administer user 
accounts. The user can modify their account settings, modify other user account 
settings, add users, and delete users. Leaving out this parameter prevents the user 
from adding, deleting, or configuring accounts. 

REMOTE_CONS_PRIV is a Boolean parameter that gives permission for the 
user to access the Remote Console functionality. This parameter is optional, and 
the Boolean string must be set to "Yes" if the user should have Remote Console 
privileges. If this parameter is used, the Boolean string value must never be left 
blank. Leaving out this privilege will deny the user access to any Remote 
Console functionality. 

RESET_SERVER_PRIV is a Boolean parameter that gives the user permission 
to remotely reset the server or power it down. This parameter is optional, and the 
Boolean string must be set to "Yes" if the user is allowed to modify the server 
power. If this parameter is used, the Boolean string value must never be left 
blank. Leaving out this parameter denies the user server reset privileges. 

CONFIG_ILO_PRIV is a Boolean parameter that allows the user to configure 
iLO settings. This privilege includes network settings, global settings, Insight 
Manager settings, and SNMP settings. This parameter is optional, and the 
Boolean string must be set to "Yes" if the user should be allowed to configure 
iLO. If this parameter is used, the Boolean string value must never be blank. 
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VIRTU AL_MEDIA_PRIV is a Boolean parameter that gives the user permission 
to access the virtual floppy functionality. This parameter is optional, and the 
Boolean string must be set to "Yes" if the user should have virtual floppy 
privileges. If this parameter is used, the Boolean string value must never be left 
blank. Leaving out this parameter denies the user virtual floppy privileges. 



The possible MOD_USER error messages include: 

• Login name is too long. Maximum length is 39 characters. 

• Password is too short. Minimum length is 8 characters. 

• Password is too long. Maximum length is 39 characters. 

• User information is open for read-only access. Write access is required for 
this operation. 

• User login ID cannot be blank. 

• Cannot modify user information for currently logged user. 

• This user is not logged in. 

• User does not have correct privilege for action. 

• Logged-in user does not have required privilege for this command. 



The GET_ALL_USERS command requests a list of all of the valid user names 
that are currently in the local user database. The user database must have been 
successfully opened with the USER_INFO command and must have been opened 
in read or write mode for this command to work. The user must have 
administrative privilege to execute this command. 



<RIBCL VERSI0N="2 . 0"> 

<LOGIN USER_LOGIN="adminname" PASSWORD="password"> 
<USER_INFO MODE="read"> 
<GET ALL USERS /> 



MOD USER Runtime Errors 



GET ALL 



USERS 



Example: 
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</USER_INFO> 
</LOGIN> 
</RIBCL> 

GET_ALL_USERS Runtime Error 

Logged in user does not have required privileges for this command. 



GET_ALL_USERS Return Messages 

A possible GET_ALL_USERS return message is: 

<RESPONSE 

STATUS="0x0000" 
MESSAGE= ' No Error' 

/> 

USER_LOGIN="username" 

USER_L0GIN="user2" 

USER_L0GIN="user3" 

USER_L0GIN="user4" 

USER_L0GIN="user5" 

USER_L0GIN="user6" 

USER_L0GIN="user7" 

USER_L0GIN="user8" 

USER_L0GIN="user9" 

USER_LOGIN="userlO" 

USER_LOGIN="userll" 

USER_L0GIN="userl2" 

/> 

A possible unsuccessful request is: 

<RESPONSE 

STATUS = "0x0001" 

MSG = "Error Message"/> 
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GET_ALL_USER_INFO 

The GET_ALL_USER_INFO command requests the return of the current local 
user database. This command returns detailed information on each user and not 
just the user login name. The user database must have been successfully opened 
with the USERS_INFO command. The USER_INFO command can be opened in 
either read or write mode. GET_ALL_USER_INFO requires the user to log in 
with administrative privilege. 

Example: 

<RIBCL VERSION="2 . 0"> 

<LOGIN USER_LOGIN="adminname" PASSWORD="password"> 

<USER_INFO MODE="read"> 

<GET_ALL_USER_INFO /> 

</USER_INFO> 

</LOGIN> 
</RIBCL> 

GET_ALL_USER_INFO Parameters 

There are no parameters for this command. 



GET_ALL_USER_INFO Runtime Errors 

A possible GET_ALL_USER_INFO error is: Logged in user does not have 
required privilege for this command. 



GET_ALL_USER_INFO 

A possible GET_ALL_USER_INFO return message is: 

<RESPONSE 

STATUS="0x0000" 
MSG="No Errors" 

/> 

<GET_USER 
USE R_N AME = " Admi n " 
USER_LOGIN=" Admin" 
ADMIN PRIV="Y" 
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CONFIG_RILO_PRIV="Y" 
LOGIN_PRIV="Y" 
REMOTE_CONS_PRIV="Y" 
RESET_SERVER_PRIV="Y" 
VIRTUAL_MEDIA_PRIV="Y" 
/> 

The same information will be repeated for all the users. 
A possible unsuccessful request is: 

<RESPONSE 

STATUS = "0x0001" 
MSG = "Error Message"/> 

RIBJNFO 

The RIBJNFO command tells the firmware that the configuration of the iLO is 
about to be changed. 

Example: 

<RIB_INFO MODE="write"> 

RIB_INFO commands 

</RIB_INFO> 

RIBJNFO Parameter 

MODE is a specific string parameter with a maximum length of 10 characters 
that specifies what you intend to do with the user information. Valid arguments 
are "read" and "write." 

Write mode enables both reading and writing, and other users will be unable to 
open the iLO information. Read mode prevents the user from changing any iLO 
data. Read mode is assumed if the mode attribute is left out. 



RIB INFO Runtime Errors 



There are no RIBJNFO errors. 
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RESET_RIB 

This command allows the user to reset the iLO. RESET_RIB must display inside 
a RIB_INFO block in write mode. The user must be logged in with configure 
iLO privilege to execute this command. 

Example: 

<RIBCL VERSION="2 . 0"> 

<LOGIN USER_LOGIN=" Admin" PASSWORD="Password"> 

<RIB_INFO MODE = "write"> 

<RESET_RIB/> 

</RIB_INFO> 

</LOGIN> 
</RIBCL> 



RESET_RIB Parameters 

There are no parameters for this command. 



RESET_RIB Runtime Errors 

There are no errors for this command. 

GET_NETWORK_SETTINGS 

The GET_NETWORK_SETTINGS command allows the user to retrieve the 
network settings. GET_NETWORK_SETTINGS must display inside a 
RIB_INFO block. The user must have login privilege to execute this command. 

Example: 

<RIBCL VERSION="2 . 0"> 

<LOGIN USER_LOGIN="adminname" PASSWORD="password"> 
<RIB_INFO MODE="read"> 
<GET_NETWORK_SETTINGS/> 
</RIB_INFO> 
</LOGIN> 
</RIBCL> 
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GET_NETWORK_SETTINGS Parameters 

There are no parameters for this command. 

GET_NETWORK_SETTINGS Runtime Errors 

There are no errors for this command. 



GET_NETWORK_SETTINGS Return Messages 

A possible GET_NETWORK_SETTINGS return message is: 

<GET_NETWORK_SETTINGS 

SPEED_AUTOSELECT=" YES " 

NIC_SPEED="100" 

FULL_DUPLEX="NO" 

DHCP_ENABLE=" YES " 

DHC P_GATEWAY= " YE S " 

DHCP_DNS_SERVER="YES" 

DHCP_STATIC_ROUTE="YES" 

DHCP_WINS_SERVER="YES" 

REG_WINS_SERVER="YES" 

IP_ADDRESS = "111 . Ill . Ill . Ill" 

SUBNET_MASK= "255.255.255.0" 

GATEWAY_IP_ADDRESS = "111 . Ill . Ill . 1" 

DN S_N AME = " t e s t " 

DOMA I N_N AME = " t e s t . com" 

PRIM_DNS_SERVER="111 . Ill . Ill .242" 

SEC_DNS_SERVER="111 . Ill . Ill .242" 

TER_DNS_SERVER="111 . Ill . Ill .242" 

PRIM_WINS_SERVER="111 . Ill . Ill .246" 

SEC_WINS_SERVER="111 . Ill . Ill .247" 

STATIC_ROUTE_l DEST=" 0.0.0.0" GATEWAY=" 0.0.0.0" 
STATIC_ROUTE_2 DEST=" 0.0.0.0" GATEWAY=" 0.0.0.0" 
STATIC_ROUTE_3 DEST=" 0.0.0.0" GATEWAY=" 0.0.0.0" 
WEB_AGENT_I P_ADDRE S S = " " 

/> 

A possible unsuccessful request is: 



<RESPONSE 

STATUS = "0x0001 
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MSG = "Error Message"/> 

MOD_NETWORK_SETTINGS 

MOD_NETWORK_SETTINGS is used to modify certain network settings. This 
command is only valid inside a RIB_INFO block. The logged-in user must have 
the Configure iLO Settings privilege, and the mode of the containing RIB_INFO 
block must be "write." All of these elements are optional, and may be left out. If 
an element is left out, then the current setting is preserved. The iLO Management 
Processor will reboot to apply the changes after the 
MOD_NETWORK_SETTINGS command is closed. 

When modifying network settings, the user should be cognizant of the network 
commands provided to the management processor. In some cases, the 
management processor will ignore commands and no error will be returned. For 
example, when a script includes the command to enable DHCP and a command 
to modify the IP address, the IP address will be ignored. Changing the network 
settings to values that are not correct for the network may cause a loss of 
connectivity to the iLO. The iLO scripting firmware does not attempt to 
determine if the settings are appropriate for the network configuration. 

If connectivity is lost to the iLO, you must use the RBSU to reconfigure the 
network settings to values that are compatible with the network. For more 
information, refer to the "iLO RBSU (on page 14)" section. 

Example: 

<RIBCL VERSI0N="2 . 0"> 

<LOGIN USER_LOGIN="adminname" PASSWORD="password"> 

<RIB_INFO MODE="write"> 

<MOD_NETWORK_SETTINGS> 

<ENABLE_NIC value=" Yes " /> 

<SPEED_AUTOSELECT value="No"/> 

<NIC_SPEED value="100"/> 

<FULL_DUPLEX value=" Yes " /> 

<DHCP_ENABLE value=" Yes " /> 

<IP_ADDRESS value="192 . 168 . 132 .25"/> 

<SUBNET_MASK value="255 . 255 . 0 . 0"/> 

<GATEWAY_IP_ADDRESS value="192 . 168 . 132 .2"/> 

<DNS_NAME value="demorib"/> 

<DOMAIN_NAME value=" internal . net" /> 

<DHCP GATEWAY value="No"/> 
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<DHCP_DNS_SERVER value="No"/> 
<DHCP_WINS_SERVER value="No"/> 
<DHCP_STATIC_ROUTE value="No"/> 
<REG_WINS_SERVER value="No"/> 
<REG_DDNS_SERVER value="No"/> 
<PING_GATEWAY value=" Yes " /> 
<PRIM_DNS_SERVER value="192 .168.12. 14"/> 
<SEC_DNS_SERVER value="192 .168.12. 15"/> 
<TER_DNS_SERVER value="192 . 168 . 12 . 16"/> 
<PRIM_WINS_SERVER value="192 . 168 . 145 . l"/> 
<SEC_WINS_SERVER value="192 . 168 . 145 . 2"/> 
<STATIC_R0UTE_1 DEST="192 .168.129. 144" 
GATEWAY="192 . 1 68 . 12 9 . 1 " /> 
<STATIC_R0UTE_2 DEST="192 .168.129. 145" 
GATEWAY="192 . 168 . 12 9 . 2 "/> 
<STATIC_R0UTE_3 DEST="192 .168.129.146" 
GATEWAY="192 . 1 68 . 12 9 . 3 " /> 

</MOD_NETWORK_SETTINGS> 

</RIB_INF0> 

</L0GIN> 
</RIBCL> 



MOD_NETWORK_SETTINGS Parameters 



SPEED_AUTOSELECT is used to automatically select the transceiver speed. 
The possible values are "Yes" or "No." It is case insensitive. 



FULL_DUPLEX is used to decide if the iLO is to support full-duplex or half- 
duplex mode. It is only applicable if SPEED_AUTO SELECT was set to "No." 
The possible values are "Yes" or "No." It is case insensitive. 

NIC_SPEED is used to set the transceiver speed if SPEED_AUTOSELECT was 
set to "No." The possible values are "10" or "100." Any other values will result in 
a syntax error. 

DHCP_EN AB LE is used to enable DHCP. The possible values are "Yes" or 
"No." It is case insensitive. 



IP_ADDRESS is used to select the IP address for the iLO if DHCP is not 
enabled. If an empty string is entered, the current value is deleted. 
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SUBNET_MASK is used to select the subnet mask for the iLO if DHCP is not 
enabled. If an empty string is entered, the current value is deleted. 

G ATEW A Y_IP_ADDRES S is used to select the default gateway IP address for 
the iLO if DHCP is not enabled. If an empty string is entered, the current value is 
deleted. 

DNS_NAME is used to specify the DNS name for the iLO. If an empty string is 
entered, the current value is deleted. 

DOMAIN_NAME is used to specify the domain name for the network where the 
iLO resides. If an empty string is entered, the current value is deleted. 

DHCP_GATEWAY specifies if the DHCP-assigned gateway address is to be 
used. The possible values are "Yes" or "No." It is case sensitive. This selection is 
only valid if DHCP is enabled. 

DHCP_DNS_SERVER specifies if the DHCP-assigned DNS server is to be used. 
The possible values are "Yes" or "No." It is case sensitive. This selection is only 
valid if DHCP is enabled. 

DHCP_WINS_SERVER specifies if the DHCP-assigned WINS server is to be 
used. The possible values are "Yes" or "No." It is case sensitive. This selection is 
only valid if DHCP is enabled. 

DHCP_STATIC_ROUTE specifies if the DHCP-assigned static routes are to be 
used. The possible values are "Yes" or "No." It is case sensitive. This selection is 
only valid if DHCP is enabled. 

REG_WINS_SERVER specifies if the iLO needs to register with the WINS 
server. The possible values are "Yes" or "No." It is case sensitive. This selection 
is only valid if DHCP is enabled. 

PRIM_DNS_S ERVER specifies the IP address of the primary DNS server. This 
parameter is only relevant if the DHCP-assigned DNS server address feature is 
disabled. If an empty string is entered, the current value is deleted. 

SEC_DNS_SERVER specifies the IP address of the secondary DNS server. This 
parameter is only relevant if the DHCP-assigned DNS server address feature is 
disabled. If an empty string is entered, the current value is deleted. 
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TER_DNS_SERVER specifies the IP address of the tertiary DNS server. This 
parameter is only relevant if the DHCP-assigned DNS server address feature is 
disabled. If an empty string is entered, the current value is deleted. 

PRIM_WINS_SERVER specifies the IP address of the primary WINS server. 
This parameter is only relevant if the DHCP-assigned WINS server address 
feature is disabled. If an empty string is entered, the current value is deleted. 

SEC_WINS_SERVER specifies the IP address of the secondary WINS server. 
This parameter is only relevant if the DHCP-assigned WINS server address 
feature is disabled. If an empty string is entered, the current value is deleted. 

STATIC_ROUTE_l, STATIC_ROUTE_2, and STATIC_ROUTE_3 are used to 
specify the destination and gateway IP addresses of the static routes. The 
following two parameters are used within the static route commands. If an empty 
string is entered, the current value is deleted. 

• DEST specifies the destination IP addresses of the static route. This 
parameter is only relevant if the DHCP-assigned static route feature is 
disabled. If an empty string is entered, the current value is deleted. 

• GATEWAY specifies the gateway IP addresses of the static route. This 
parameter is only relevant if the DHCP-assigned static route feature is 
disabled. If an empty string is entered, the current value is deleted. 

WEB_AGENT_IP_ADDRES S specifies the address for the Web-enabled agents. 
If an empty string is entered, the current value is deleted. 

NOTE: The iLO is rebooted to apply the changes after 
MOD_NETWORK_SETTINGS has been closed. 

MOD_NETWORK_SETTINGS Runtime Errors 

The possible MOD_NETWORK_SETTINGS error messages include: 

• RIB information is open for read-only access. Write access is required for 
this operation. 

• User does not have correct privilege for action. 

• Logged-in user does not have required privilege for this command. 
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MOD_DIAGPORT_SETTINGS 

This command is used to modify certain network settings on the iLO Diagnostic 
Port. This command is only valid inside a RACK_INFO block on a ProLiant BL 
p-Class series server. The logged-in user must have the Configure iLO privilege 
and the mode of the containing RACK_INFO block must be "write. " 
DP_IP_ADDRESS and DP_S UB NET_M AS K should not be left empty. For both 
parameters, if an empty string is entered, the current address is deleted. 

Example: 

<RIBCL VERSION="2 . 0"> 

<LOGIN USER_LOGIN="username" PASSWORD="password"> 

<RACK_INFO MODE="write"> 

<MOD_DIAGPORT_SETTINGS> 

<DP_SPEED_AUTOSELECT value="No"/> 
<DP_NIC_SPEED value="100"/> 
<DP_FULL_DUPLEX value=" Yes " /> 
<DP_IP_ADDRESS value="192 . 168 . 142 . 56"/> 
<DP_SUBNET_MASK value="255 . 255 . 0 . 0"/> 

</MOD_DIAGPORT_SETTINGS> 

</RACK_INFO> 

</LOGIN> 
</RIBCL> 

MOD_DIAGPORT_SETTINGS Parameters 

DP_SPEED_AUTOSELECT is used to automatically select the transceiver 
speed. The possible values are "Yes" or "No." It is case insensitive. 

DP_NIC_SPEED is used to set the transceiver speed if 

DP_S PEED_AUTOS ELECT was set to "No." The possible values are 10 or 100. 
Any other value results in a syntax error. 

DP_FULL_DUPLEX is used to decide if the iLO diagnostic port is to support 
full-duplex or half-duplex mode. It is only applicable if 

DP_S PEED_AUTOS ELECT was set to "No." The possible values are "Yes" or 
"No." It is case insensitive. 
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DP_IP_ADDRESS is used to select the IP address for the iLO Diagnostic Port. If 
an empty string is entered, the current address is unchanged. The expected format 
is XXX.XXX.XXX.XXX. 

DP_SUBNET_MASK is used to select the subnet mask for the iLO Diagnostic 
Port. If an empty string is entered, the current address is unchanged. The 
expected format is XXX.XXX.XXX.XXX. 

NOTE: When MOD_DIAGPORT_SETTINGS has been closed, iLO will 
reboot to apply the changes. Integrated Lights-Out will not reboot if 
there are any runtime errors. 



MOD_DIAGPORT_SETTINGS Runtime Errors 

Possible MOD_DIAGPORT_SETTINGS error messages include: 



• iLO information is open for read-only access. Write access is required for 
this operation. 

• Logged-in user does not have required privilege for this command. 



The DIR_INFO command is used to display information on the server. Only 
commands that are DIR_INFO type commands are valid inside the DIR_INFO 
block. 

<DIR_INFO MODE="read"> 
</DIR INFO 



MODE is a specific string parameter with a maximum length of 10 characters 
that specifies what you intend to do with the user information. Valid arguments 
are "read" and "write." 



DIR INFO 



DIR INFO 



Parameter 



DIRJNFO 



Runtime Errors 



• Mode parameter must not be blank. 
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• User does not have correct privilege for action. 

GET_DIR_CONFIG 

The GET_DIR_CONFIG command gets the directory configuration of the iLO. 
This command must be contained within a DIR_INFO block. All parameters are 
optional. The user must be logged in with login privilege to execute this 
command. 

Example: 

<RIBCL VERSI0N="2 . 0"> 

<LOGIN USER_LOGIN="adminname" PASSWORD="password"> 

<DIR_INFO MODE="read"> 

<GET_DIR_CONFIG/> 

</DIR_INFO> 

</LOGIN> 
</RIBCL> 

GET_DIR_CONFIG Parameters 

There are no parameters for this command. 



GET_DIR_CONFIG Runtime Errors 

There are no errors for this command. 



GET_DIR_CONFIG Return Messages 

A possible GET_DIR_CONFIG return message is: 

<RESPONSE 
STATUS="0x0000" 
MSG = 'No Error' 

/> 

<GET_DIR_CONFIG 

DIR_AUTHENTICATION_ENABLED = "YES" 
DIR_LOCAL_USER_ACCT = "YES" 
DIR_SERVER_ADDRESS = " server 1 . hprib . labs " 
DIR SERVER PORT = "636" 
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DIR_OBJECT_DN = "CN=SERVER1_RIB, OU=RIB, DC=HPRIB, 
DC=LABS " 

DIR_USER_C0NTEXT1 = "CN=UsersO, DC=HPRIB0, DC=LABS " 

DIR_USER_C0NTEXT2 = "CN=Usersl, DC=HPRIB1, DC=LABS" 
DIR_USER_C0NTEXT3 = "" 
/> 

A possible unsuccessful request is: 

<RESPONSE 

STATUS = "0x0001" 

MSG = "Error Message"/> 

MOD_DIR_CONFIG 

The MOD_DIR_CONFIG command will modify certain directory settings. 
Directories are used for user authentication. This command is only valid inside a 
DIR_INFO block. The logged-in user must have the configure iLO privilege and 
the mode of the containing DIR_INFO block must be "write." All of these 
parameters are optional and may be left out. If a parameter is left out, then the 
current setting is preserved. If any value is set to an empty string, then the 
previous value is erased. 

Example: 

<RIBCL VERSION="2 . 0"> 

<LOGIN USER_LOGIN="adminname" PASSWORD="password"> 

<DIR_INFO MODE="write"> 

<MOD_DIR_CONFIG> 

<DIR_AUTHENTICATION_ENABLED value=" Yes " /> 
<DIR_LOCAL_USER_ACCT value=" Yes " /> 
<DIR_SERVER_ADDRESS value="16 . 141 . 100 . 44"/> 
<DIR_SERVER_PORT value=" 63 6 " /> 

<DIR_OBJECT_DN value="CN=serverl_rib, OU=RIB, 
DC=HPRIB, DC=LABS"/> 

<DIR_OBJECT_PASSWORD value="password" /> 
<DIR_USER_CONTEXT_l value=" CN=Users , DC=HPRIB, 
DC=LABS"/> 

</MOD_DIR_CONFIG> 

</DIR_INFO> 

</LOGIN> 
</RIBCL> 
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MOD DIR 



CONFIG Parameters 



DIR_AUTHENTIC ATION_EN AB LED enables or disables directory 
authentication. The possible values are "Yes" and "No." 

DIR_LOCAL_USER_ACCT enables or disables local user accounts. 

DIR_S ERVER_ADDRES S indicates the location of the directory server. The 
directory server location is specified as an IP address or DNS name. 

DIR_SERVER_PORT indicates the port number used to connect to the directory 
server. This value is obtained from the directory administrator. The secured 
LDAP port is 636, but the directory server can be configured for a different port 
number. 

DIR_OBJECT_DN specifies the unique name of the iLO board in the directory 
server. This value is obtained from the directory administrator. Distinguished 
names are limited to 256 characters. 

DIR_OBJECT_PAS SWORD specifies the password associated with the iLO 
object in the directory server. Passwords are limited to 39 characters. 

DIR_USER_CONTEXT_l, DIR_USER_CONTEXT_2, and 
DIR_USER_CONTEXT_3 specify searchable contexts used to locate the user 
when the user is trying to authenticate using directories. If the user could not be 
located using the first path, then the parameters specified in the second and third 
paths are used. The values for these parameters are obtained from the directory 
administrator. Directory User Contexts are limited to 128 characters each. 



The possible MOD_DIR_CONFIG error messages include: 

• Directory information is open for read-only access. Write access is required 
for this operation. 

• Logged-in user does not have required privilege for this command. 



MOD DIR 



CONFIG Runtime Errors 
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GET_GLOBAL_SETTINGS 

The GET_GLOBAL_SETTINGS command allows the user to retrieve the global 
settings. GET_GLOBAL_SETTINGS must be contained inside a RIBJNFO 
block. The user must be logged in with login privilege for this command. The 
information returned by this command is the information that can be changed by 
the MOD_GLOBAL_SETTINGS command. 

GET_GLOBAL_SETTINGS Parameters 

There are no parameters for this command. 

GET_GLOBAL_SETTINGS Runtime Errors 

There are no errors for this command. 

GET_GLOBAL_SETTINGS Return Messages 

A possible GET_GLOB AL_SETTINGS return message is: 

<GET_GLOBAL_SETTINGS 

SESSION_TIMEOUT="12 0" 
F 8_PROMPT_ENABLED= " YE S " 

REMOTE_CONSOLE_PORT_STATUS ="ENABLED" 

HTTPS_PORT ="443" 

HTTP_PORT ="80" 

REMOTE_CONSOLE_PORT ="23" 

VIRTUAL_MEDIA_PORT = "17 988" 

SNMP_ADDRESS_1 ="" 

SNMP_ADDRESS_2 ="" 

SNMP_ADDRESS_3 ="" 

OS_TRAPS ="NO" 

RIB_TRAPS ="NO" 

CIM_SECURITY_MASK ="MEDIUM" 

/> 

The following is an example of an unsuccessful request: 

<RESPONSE 

STATUS = "0x0001" 
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MSG = "Error Message"/> 

MOD_GLOBAL_SETTINGS 

This command is used to modify certain global settings. The 
MOD_GLOBAL_SETTINGS command must appear within a RIBJNFO 
element and RIBJNFO must be in write mode. The logged-in user must have the 
Configure iLO privilege. All of these elements are optional, and may be left out. 
If an element is left out, then the current setting is preserved.This command 
modifies certain global settings. 

Example: 

<RIBCL VERSION="2 . 0"> 

<LOGIN USER_LOGIN="adminname" PASSWORD="password"> 

<RIB_INFO MODE="write"> 

<MOD_GLOBAL_SETTINGS> 

<SESSION_TIMEOUT value="60"/> 

<ILO_FUNCT_ENABLED value=" Yes " /> 

<F8_PROMPT_ENABLED value=" Yes " /> 

<HTTPS_PORT value="443"/> 

<HTTP_PORT value="80"/> 

<REMOTE_CONSOLE_PORT value="2 3"/> 

<VIRTUAL_MEDIA_PORT value=" 17 98 8 "/> 
</MOD_GLOBAL_SETTINGS> 
</RIB_INFO> 
</LOGIN> 
</RIBCL> 

MOD_GLOBAL_SETTINGS Parameters 

SESSION_TIMEOUT determines the maximum session timeout value in 
minutes. The accepted values are from 15, 30, 60 and 120. If a value greater than 
120 is specified, the SESSION_TIMEOUT returns an error. 

ILO_FUNCT_EN AB LED determines if the Lights-Out functionality is enabled 
or disabled for iLO. The possible values are "Yes" or "No." It is case insensitive. 

F8_PROMPT_EN AB LED determines if the F8 prompt for ROM-based 
configuration is displayed during POST. The possible values are "Yes" or "No." 
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HTTPS_PORT specifies the HTTPS (SSL) port number for the <LOM_short- 
name>. If this value is changed, the iLO must be reset. 

HTTP_PORT specifies the HTTP port number for the iLO. If this value is 
changed, the iLO must be reset. 

REMOTE_CONSOLE_PORT specifies the Remote Console port for the iLO. 
The iLO must be reset if this value is changed. 

REMOTE_CONSOLE_ENCRYPTION determines if Remote Console Data 
Encryption is enabled or disabled. The possible values are "Yes" and "No." 

VIRTU AL_MEDIA_PORT specifies the port used for virtual media on iLO. iLO 
must be reset if this value is changed. 

NOTE: iLO will reboot to apply the port changes. iLO will not reboot if 
there are any runtime errors. 

MIN_PAS SWORD command specifies how many characters are required in all 
user passwords. The value can be from 0 to 39 characters. 

MOD_GLOBAL_SETTINGS Runtime Errors 

The possible MOD_GLOB AL_S ETTINGS error messages include: 

• RIB information is open for read-only access. Write access is required for 
this operation. 

• Logged-in user does not have required privilege for this command. 

• Maximum password length value exceeded. 

MOD_SNMP_IM_SETTINGS 

This command enables the user to modify certain SNMP and Insight Manager 
settings. The MOD_SNMP_IM_SETTINGS must appear within a RIBJNFO 
element and RIBJNFO must be in write mode. The logged-in user must have the 
Configure iLO privilege. All of these elements are optional, and may be left out. 
If an element is left out, then the current setting is preserved. 



Example: 
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<RIBCL VERSION="2 . 0"> 

<LOGIN USER_LOGIN="adminname" PASSWORD="password"> 

<RIB_INFO MODE="write"> 

<MOD_SNMP_IM_SETTINGS> 

<WEB_AGENT_IP_ADDRESS value="192 . 168 . 125 . 120"/> 
<SNMP_ADDRESS_1 value="192 . 168 . 125 . 121"/> 
<SNMP_ADDRESS_2 value="192 . 168 . 125 . 122"/> 
<SNMP_ADDRESS_3 value="192 . 168 . 125 . 123"/> 
<OS_TRAPS value="Yes"/> 
<RIB_TRAPS value="No"/> 
<CIM_SECURITY_MASK value="3"/> 

</MOD_SNMP_IM_SETTINGS> 

</RIB_INFO> 

</LOGIN> 
</RIBCL> 

MOD_SNMP_IM_SETTINGS Parameters 

WEB_AGENT_IP_ADDRES S is the address for the Web-enabled agents. The 
value for this element has a maximum length of 50 characters. It can be any valid 
IP address or DNS name. If an empty string is entered, the current value is 
deleted. 

SNMP_ADDRESS_1, SNMP_ADDRESS_2, and SNMP_ADDRESS_3 are the 
addresses that receive traps sent to the user. Each of these parameters can be any 
valid IP address or DNS name and has a maximum value of 50 characters. 

OS_TRAPS indicates that the user should receive SNMP traps that are generated 
by the operating system. The possible values are "Yes" and "No." If the value is 
not set, then the default "No" is assumed, and traps are not sent. 

RIB_TRAPS indicates that the user should receive SNMP traps that are 
generated by the RIB. The possible values are "Yes" and "No." If the value is not 
set, then the default "No" is assumed, and traps are not sent. 

CIM_SECURITY_MASK accepts an integer between 0 and 4. The possible 
values are: 

• 0 — No change 

• 1 — None (No data is returned to Insight Manager 7.) 
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• 2 — Low (Name and status data are returned. Associations are present if 
SNMP pass-through is supported. If not, the server and management 
processor are separate entities in the device list.) 

• 3 — Medium (iLO and server associations are present but the summary page 
contains less detail than at high security.) 

• 4 — High (Associations are present and all data is present on the summary 
page.) 

Each value indicates the level of data returned to an Insight Manager 7 request. 

MOD_SNMP_IM_SETTINGS Runtime Errors 

• User does not have correct privilege for action. 

• RIB information is open for read-only access. Write access is required for 
this operation. 

CLEAR_EVENTLOG 

The CLEAR_EVENTLOG command clears the iLO Event Log. The 
CLEAR_EVENTLOG command must be displayed within a RIBJNFO block, 
and RIBJNFO must be in write mode. To clear the event log, the user must be 
logged in with the configure iLO privilege. 

Example: 

<RIBCL VERSION="2 . 0"> 

<LOGIN USER_LOGIN="adminname" PASSWORD="password"> 

<RIB_INFO MODE="write"> 

<CLEAR_EVENTLOG/> 

</RIB_INFO> 

</LOGIN> 
</RIBCL> 

CLEAFLEVENTLOG Parameters 

There are no parameters for this command. 
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CLEAFLEVENTLOG Runtime Errors 

The possible CLEAR_EVENTLOG error messages are: 

• RIB information is open for read-only access. Write access is required for 
this operation. 

• User does not have correct privilege for action. 

• Logged-in user does not have required privilege for this command. 

UPDATE_RIB_FIRMWARE 

The UPDATE_RIB_FIRMWARE command copies the firmware upgrade file to 
the iLO, starts the upgrade process and reboots the board after the image has 
been flashed successfully. The UPDATE_RIB_FIRMWARE command must be 
displayed within a RIB_INFO block, and RIB_INFO must be in write mode. The 
iLO is reset after the firmware upgrade is complete. To update the firmware, the 
user must be logged in with the configure iLO privilege. 

Example: 

<RIBCL VERSION="2 . 0"> 

<LOGIN USER_LOGIN="adminname" PASSWORD="password"> 
<RIB_INFO MODE="write"> 

< U P DAT E_R I B_F I RMWARE IMAGE_LOCATION="C : \ IL014 0 . BIN" /> 
</RIB_INFO> 
</LOGIN> 
</RIBCL> 



UPDATE_RIB_FIRMWARE Parameters 

IMAGE_LOCATION takes the full path file name of the firmware upgrade file. 



UPDATE_RIB_FIRMWARE Runtime Errors 

The possible UPDATE_RIB_FIRMWARE error messages include: 



RIB information is open for read-only access. Write access is required for 
this operation. 
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• Unable to open the firmware image update file. 

• Unable to read the firmware image update file. 

• The firmware upgrade file size is too big. 

• The firmware image file is not valid. 

• A valid firmware image has not been loaded. 

• The flash process could not be started. 

• IMAGE_LOCATION must not be blank. 

• User does not have correct privilege for action. 

• Logged-in user does not have required privilege for this command. 



The GET_FW_VERSION command returns the version and date of the firmware 
on the iLO. 



<RIBCL VERSI0N="2 . 0"> 

<LOGIN USER_LOGIN="adminname" PASSWORD="password"> 

<RIB_INFO MODE="read"> 

< GE T_FW_VERS I ON / > 

</RIB_INFO> 

</LOGIN> 
</RIBCL> 



GET FW VERSION 



Example: 



GET FW 



VERSION Parameters 



There are no parameters for this command. 



GET_FW 



VERSION Runtime Errors 



There are no errors for this command. 
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GET_FW_VERSION Return Messages 

The following information is returned within the response: 

<GET_FW_VERSION 

F I RMWARE_VERS I ON = < firmware version> 
F I RMWARE_D AT E = < firmware date> 

MANAGEMENT_PROCESSOR = <management processor type> 

/> 

HOTKEY_CONFIG 

The HOTKEY_CONFIG command configures the Remote Console hot key 
settings on the iLO. The HOTKEY_CONFIG command must be displayed 
within a RIB_INFO element, and RIB_INFO must be in write mode. All of the 
subelements of the command are optional. The user must be logged in with the 
configure iLO privilege to execute this command. 

Uppercase letters are not supported, and they will be converted automatically to 
lowercase. If either a double quote or a single quote is used, it must be different 
from the delimiter. CTRL subelements that are not present are not modified. 
Specifying a blank string removes the current value. 

Example: 

<RIBCL VERSION="2 . 0"> 

<LOGIN USER_LOGIN="adminname" PASSWORD="password"> 

<RIB_INFO MODE="write"> 

<HOTKEY_CONFIG> 

<CTRL_T value="CTRL, ALT, ESC"/> 

<CTRL_U value="L_SHIFT, F10, F12"/> 

<CTRL_V value=""/> 

<CTRL_Y value=""/> 

<CTRL_X value=""/> 

<CTRL_Y value=""/> 
</HOTKEY_CONFIG> 
</RIB_INFO> 
</LOGIN> 
</RIBCL> 
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HOTKEY_CONFIG Parameters 

CTRL_T specifies settings for the CTRL_T hot key. The settings need to be 
separated by commas. For example, CTRL_T="CTRL,ALT,ESC." Up to 
five keystrokes can be configured for each hot key. 

CTRL_U specifies settings for the CTRL_U hot key. The settings need to be 
separated by commas. For example, CTRL_U="CTRL,ALT,ESC." Up to 
five keystrokes can be configured for each hot key. 

CTRL_V specifies settings for the CTRL_V hot key. The settings need to be 
separated by commas. For example, CTRL_V="CTRL,ALT,ESC." Up to five 
keystrokes can be configured for each hot key. 

CTRL_W specifies settings for the CTRL_W hot key. The settings need to be 
separated by commas. For example, CTRL_W="CTRL,ALT,ESC." Up to 
five keystrokes can be configured for each hot key. 

CTRL_X specifies settings for the CTRL_X hot key. The settings need to be 
separated by commas. For example, CTRL_X="CTRL,ALT,ESC." Up to 
five keystrokes can be configured for each hot key. 

CTRL_Y specifies settings for the CTRL_Y hot key. The settings need to be 
separated by commas. For example, CTRL_Y="CTRL,ALT,ESC." Up to 
five keystrokes can be configured for each hot key. 

HOTKEY_CONFIG Runtime Errors 

The possible HOTKEY_CONFIG error messages include: 

• RIB information is open for read-only access. Write access is required for 
this operation. 

• The hot key parameter specified is not valid. 

• Invalid number of hot keys. The maximum allowed is five. 

• User does not have correct privilege for action. 
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LICENSE 



The LICENSE command activates or deactivates the iLO advanced features. If 
the server is a ProLiant BL p-Class server, there is no need for a licensing key 
because the advance features are already activated. 

The LICENSE command must be displayed within a RIB_INFO element and 
RIB_INFO must be in write mode. The user must be logged in with the 
Configure iLO privilege. All of the sub-elements of the command are optional. 

Example: 

<RIBCL VERSION="2 . 0"> 

<LOGIN USER_LOGIN="adminname" PASSWORD="password"> 

<RIB_INFO MODE="write"> 

<LICENSE> 

<ACTIVATE KEY=" 1111122222333334444455555" /> 
</LICENSE> 
</RIB_INFO> 
</LOGIN> 
</RIBCL> 



ACTIVATE followed by a valid KEY value signals the activation of the iLO 
advanced pack licensing. 

KEY specifies the license key value. The key should be entered as one 
continuous string. Commas, periods, or other characters should not separate the 
key value. The key will only accept 25 characters; other characters entered to 
separate key values will be interpreted as a part of the key and result in the wrong 
key being entered. 

DEACTIVATE signals the deactivation of the iLO advanced pack licensing. 



LICENSE 



Parameters 



LICENSE 



Runtime Errors 



The possible LICENSE error messages include: 



• License key error. 
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• License is already active. 

• User does not have correct privilege for action. 

RACKJNFO 

The RACKJNFO command is used to tell the firmware that the ProLiant BL p- 
Class rack information is about to be changed. This command block is only valid 
on rack servers. The user must be logged in with the Configure iLO privilege. 

Example: 

<RACK_INFO MODE="read"> 

RACK_INFO commands 

</RACK_INFO> 

RACKJNFO Parameters 

MODE is a specific string parameter with a maximum length of 10 characters 
that specifies what you intend to do with the user information. Valid arguments 
are "read" and "write." 

If it is open in write mode, then both reading and writing are enabled. If it is open 
in read mode, then this instance will not be able to perform any rack 
modifications. It is case insensitive. This parameter must never be blank. 



RACKJNFO Runtime Errors 

The possible RACKJNFO error messages include: 

• Invalid Mode. 

• Server is not a rack server; rack commands do not apply. 
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MOD_BLADE_RACK 

The MOD_BLADE_RACK is used to modify certain ProLiant BL p-Class rack 
settings. The MOD_BLADE_RACK must be displayed within a RACKJNFO 
element and RACKJNFO must be in write mode. The user must be logged-in 
with the Configure Rack privilege. All of the sub-elements are optional. If any 
sub-element is left out, then the current setting is preserved. 

Example: 

<RIBCL VERSION="2 . 0"> 

<LOGIN USER_LOGIN="userlogin" PASSWORD="password"> 

<RACK_INFO MODE="write"> 

<MOD_BLADE_RACK> 

< RAC K_N AME va 1 u e = " C PQ_Ra c k_ 1 " / > 
<ENCLOSURE_NAME value="CPQ_Enclosure_l "/> 
<BAY_NAME value=" CPQ_Bay_5 " /> 
<FACILITY_PWR_SOURCE value=" Yes " /> 
<RACK_AUTO_PWR value=" Yes " /> 
<LOG_RACK_ALERTS value=" Yes " /> 

</MOD_BLADE_RACK> 

</RACK_INFO> 

</LOGIN> 
</RIBCL> 

MOD_BLADE_RACK Parameters 

RACK_NAME is used to logically group together the components that comprise 
a single rack. When changed, the rack name is communicated to all other 
components connected in a rack. The name is used when logging and alerting to 
assist in identifying the component. The RACK_NAME can be no more than 
31 characters. 

ENCLOSURE_NAME is used to logically group together the ProLiant BL p- 
Class servers that comprise a single enclosure. When changed, the enclosure 
name is communicated to all other blade servers connected in the same 
enclosure. The name is used when logging and alerting to assist in identifying the 
component. The ENCLOSURE_NAME can be no more than 31 characters. 
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BAY_NAME is used to assist in identifying a component or a components 
function. The name is used when logging and alerting to assist in identifying the 
component. The BAY_NAME can be no more than 31 characters. 

FACILITY_PWR_SOURCE determines the source of power for the blade 
servers. A value of "Yes" directs the server to use facility power and a value of 
"No" directs the server to use the server blade power supplies. 

RACK_AUTO_PWR determines if the blade server should automatically power 
up. A value of "Yes" causes the blade server to automatically power up and begin 
normal booting process if power is available. A value of "No" requires the blade 
server to be manually powered on. 

LOG_RACK_ALERTS determines if alerts from the rack infrastructure should 
be logged. A value of "Yes" enables rack alerts to be logged in the IML log. A 
value of "No" disables the logging of rack alerts in the IML log. 

MOD_BLADE_RACK Runtime Errors 

The possible MOD_BLADE_RACK error messages include: 

• Rack information is open for read-only access. Write access is required for 
this operation. 

• Rack Name too long. 

• Enclosure Name too long. 

• Bay Name too long. 

• User does not have correct privilege for action. 

GET_TOPOLOGY 

The GET_TOPOLOGY command requests that iLO return the rack topology of 
the current rack. The GET_TOPOLOGY command must be displayed within a 
RACKJNFO element. 

Example: 

<RIBCL VERSION="2 . 0"> 
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<LOGIN USER_LOGIN="adminname" PASSWORD="password"> 
<RACK_INFO MODE="read"> 

<GET_TOPOLOGY/> 
</RACK_INFO> 
</LOGIN> 
</RIBCL> 

GET_TOPOLOGY Parameters 

There are no parameters for this command. 



GET_TOPOLOGY Return Message 

An example of a successful request follows: 

<RK_TPLGY CNT="3"> 
<RUID>xxxxxx</RUID> 

<ICMB ADDR="0xAA55" MFG="232" PROD_ID="NNN" SER="123" 

NAME="Power_l"> 

<LEFT/> 

<RIGHT ADDR="0xAB66" SER="123" NAME=" Server_l "/> 
</ICMB> 

<ICMB ADDR="0xAB66" MFG="232" PROD_ID="NNN" SER="456" 
NAME="Server_l"> 

<LEFT ADDR="0xAA55" SER="123" NAME="Power_l " /> 
<RIGHT ADDR="0xAC77" SER="123" NAME=" Power_2 " /> 
</ICMB> 

<ICMB ADDR="0xAC77" MFG="232" PROD_ID="NNN" SER="789" 

NAME="Power_2 "> 

<RIGHT/> 

</ICMB> 

</RK_TPLGY> 

SERVERJNFO 

The SERVERJNFO command tells the firmware that the configuration of the 
iLO is about to be changed. 

Example: 

<SERVER INFO MODE="read"> 
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SERVER_INFO commands 

</SERVER_INFO> 

SERVERJNFO Parameter 

MODE is a specific string parameter that has a maximum length of 10 characters 
It tells the iLO what you intend to do with the server information. Valid 
arguments are "read" and "write." If the parameter is open in write mode, then 
both reading and writing are enabled. If it is open in read mode, the user cannot 
perform any server actions. If this parameter is not specified, "read" is assumed. 



SERVER INFO Runtime Error 



A possible SERVERJNFO error is: Mode parameter must not be 
blank . 



GET_HOST_POWER_STATUS 

The GET_HOST_POWER_STATUS command displays the server power state 
from the Virtual Power Button cable. The GET_HOST_POWER_STATUS 
command must be displayed within a SERVERJNFO element, and 
SERVERJNFO must be in write mode. 

Example: 

<RIBCL VERSION="2 . 0"> 

<LOGIN USER_LOGIN="adminname" PASSWORD="password"> 

<SERVER_INFO MODE="write"> 

<GET_HOST_POWER_STATUS/> 

</SERVER_INFO> 

</LOGIN> 
</RIBCL> 

GET_HOST_POWER_STATUS Parameters 

There are no parameters for this command. 
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GET_HOST_POWER_STATUS Runtime Errors 

The possible GET_HOST_POWER_STATUS error messages include: 

• Host power is OFF. 

• Host power is ON. 

GET_HOST_POWER_STATUS Return Messages 

The following information is returned within the response: 

<GET_HOST_POWER 

HOST POWER="OFF" 

/> 

SET_HOST_POWER 

The SET_HOST_POWER command sets the Virtual Power Button feature. This 
feature is used to turn the server on or off if the feature is supported. The 
SET_HOST_POWER command must be displayed within a SERVERJNFO 
element, and SERVERJNFO must be in write mode. The user must be logged in 
with reset server privilege to execute this command. 

Example: 

<RIBCL VERSION="2 . 0"> 

<LOGIN USER_LOGIN="adminname" PASSWORD="password"> 

<SERVER_INFO MODE="write"> 

<SET_HOST_POWER HOST_POWER=" Yes " /> 

</SERVER_INFO> 

</LOGIN> 
</RIBCL> 

SET_HOST_POWER Parameters 

HOST_POWER enables or disables the Virtual Power Button. The possible 
values are "Yes" or "No." 
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SET_HOST_POWER Runtime Errors 

The possible SET_HOST_POWER error messages include: 

• Server information is open for read-only access. Write access is required for 
this operation. 

• Virtual Power Button feature is not supported on this server. 

• Host power is already ON. 

• Host power is already OFF. 

• User does not have correct privilege for action. 

• Logged-in user does not have required privilege for this command. 

RESET_SERVER 

The RESET_SERVER command resets the server if the server is turned on. The 
RESET_SERVER command must be displayed within a SERVERJNFO 
element, and SERVERJNFO must be in write mode. The user must be logged in 
with reset server privilege to execute this command. 

Example: 

<RIBCL VERSION="2 . 0"> 

<LOGIN USER_LOGIN="adminname" PASSWORD="password"> 

<SERVER_INFO MODE="write"> 

<RESET_SERVER/> 

</SERVER_INFO> 

</LOGIN> 
</RIBCL> 

RESET_SERVER Parameters 

There are no parameters for this command. 



RESET_SERVER Errors 



The possible RESET_SERVER error messages include: 
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• Server information is open for read-only access. Write access is required for 
this operation. 

• Server is currently powered off. 

• User does not have correct privilege for action. 

• Logged-in user does not have required privilege for this command. 



The UID_STATUS command provides the status of the server UID light. 

Example: 

<RIBCL VERSION="2 . 0"> 

<LOGIN USER_LOGIN="adminname" PASSWORD="password"> 

<SERVER_INFO MODE="write"> 
<GET UID_STATUS /> 

</SERVER_INFO> 

</LOGIN> 
</RIBCL> 



GET UID 



STATUS 



GET_UID 



STATUS Parameters 



There are no parameters for this command. 



GET_UID 



STATUS Response 



The following information is returned within the response: 



<GET_UID_STATUS 
UID="OFF" 

/> 



UID CONTROL 



The UID_CONTROL command turns the server UID light off or on. The 
UID_CONTROL command must be displayed within a SERVERJNFO element 
and SERVERJNFO must be in write mode. 
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Example: 

<RIBCL VERSI0N="2 . 0"> 

<L0GIN USER_LOGIN="adminname" PASSWORD="password"> 

<SERVER_INFO MODE="write"> 
<UID_C0NTR0L UID="Yes"/> 

</SERVER_INFO> 

</L0GIN> 
</RIBCL> 

UID_CONTROL Parameters 

UID determines the state of the UID. A value of "Yes" turns the UID light on, 
and a value of "No" turns the UID light off. 

UID_CONTROL Errors 

The possible UID_CONTROL error messages include: 

• UID is already ON. 

• UID is already OFF. 
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Integrated Lights-Out Parameters 

In This Section 

Integrated Lights-Out Parameters Table 207 

Server Identification Parameters 211 

User Administration Parameters 212 

Global Settings Parameters 214 

Network Settings Parameters 216 

Directory Settings Parameters 219 

SNMP/Insight Manager Settings Parameters 221 

ProLiant BL p-Class Parameters 223 

iLO Advanced License Activation Settings 225 

Integrated Lights-Out Parameters Table 



You can record your settings in the "Your Value" column of the table. 
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Parameters 


Default Value or Setting 


Your Value 


Server Identification 


PCI Resources 


Set by the bios 




Server Name 






Server ID 






Serial Number 


i LOXXXXXXXXXXXX 




Firmware Version 


xx.xx 




Firmware Date 


mm/dd/yyyy 




User Administration 


User Name 


Administrator 




Login Name 


Administrator 




Password 


A random, eight-character 
alphanumeric string that is 
factory assigned 




Administer User Accounts 


Yes 




Remote Console Access 


Yes 




Virtual Power and Reset 


Yes 




Virtual Media 


Yes 




Configure iLO Settings 


Yes 




Global Settings 


Enable Lights-Out 
Functionality 


Yes 




Idle Connection Timeout 
(minutes) 


30 minutes 




Web Server Non-SSL Port 


80 




Web Server SSL Port 


443 




Virtual Media Port 


17988 




Remote Console Port 


23 




Enable iLO ROM-Based 
Setup Utility 


Yes 
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Parameters 


Default Value or Setting 


Your Value 


Require Login for iLO RBSU 


No 




Minimum Password Length 


8 




Network Settings 


FnahlA NIP 


T CO 




Transceiver Speed 

Ai itr~ic o 1 oft 


Yes 




Speed 


N/A (Autoselect) 




Duplex 


N/A (Autoselect) 




Enable DHCP 


Yes 




Use DHCP Supplied 
Gateway 


Yes 




Use DHCP Supplied DNS 

Oct vfcJi b 


Yes 




1 lc:p DHPP ^nnnlipH WIN^ 

UOC L-/I lur OU(J|JllcU VVlINO 

Servers 


Vpc 




Use DHCP Supplied Static 
Routes 


Yes 




Use DHCP Supplied 
Domain Name 


Yes 




Ronictor With WIMQ Qorv/or 
nt;yioit;i vviui vviino oci vui 






RpniQtpr With DM^ Qpn/or 


N/A ^nHPP^ 




Pinn fnfltpwav/ on ^tartnn 


No 




iLO IP Address 


N/A (DHCP) 




iLO Subnet Mask 


N/A (DHCP) 




iLO Gateway IP Address 


N/A (DHCP) 




iLO Subsystem Name 


\LOXXXXXXXXXXXX, where 
the 1 2 Xs are the server 
serial number (assigned at 
the factory) 




Domain Name 


N/A (DHCP) 




DHCP Server 


N/A (DHCP) 
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Parameters 


Default Value or Setting 


Your Value 


Primary, Secondary, and 
Tertiarv DNS Server 


N/A (DHCP) 




Primary and Secondary 
WINS Server 


N/A (DHCP) 




Static Routes #1, #2, #3 


N/A for both the Destination 
and Gateway address 
(DHCP) 




SNMP/lnsight Manager Settings 


SNMP Alert Destination(s) 


No 




Enable iLO SNMP Alerts 


No 




Forward Insight Manager 
Agent SNMP Alerts 


No 




Insight Manager Web Agent 
URL 






Level of Data Returned 


Medium 




<LOM _short_name> 
Advanced License 
Activation 






iLO Advanced Pack License 
Key 


No 




BL p-Class 


Rack Name 


Provided by rack 




Enclosure Name 


Provided by rack 




Bay Name 


Bay X (where X is the bay 
number in which the blade 
server is located) 




Bay 


Provided by rack 




Rack Serial Number 


Provided by rack 




Enclosure Serial Number 


Provided by rack 




Blade Serial Number 


Provided by blade server 




Power Source 


Rack Provides Power 




Enable Automatic Power On 


On 
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Parameters 


Default Value or Setting 


Your Value 


Enable Rack Alert 
Forwarding 


On 




Enable Rack Alert Logging 
(IML) 


On 




Directory Settings 


Directory Authentication 


Disabled 




Directory Server Address 


0.0.0.0 




Directory Server LDAP Port 


636 




LOM Object Distinguished 
Name 






LOM Object Password 






Directory User Context 1 






Directory User Context 2 






Directory User Context 3 







Server Identification Parameters 

The following parameters provide information about the host server. 

PCI Resources 

This field shows the interrupt reserved for PCI resources. The value is set by 
the bios. 

Server Name 

If the Insight Management agents are being used with the host server operating 
system, they will provide iLO with the server name. 
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Serial Number 

This is the serial number of iLO. The number is displayed for your information. 
You cannot alter this number. 

Firmware Version 

This is the version number of the iLO firmware. You cannot alter this value. 

Firmware Date 

This is the date of the firmware version resident on iLO in mm/dd/yyyy format. It 
is displayed for your information only and cannot be altered. 

User Administration Parameters 

The User Administration section enables you to define the users currently 
configured for access to iLO. Up to 12 users can be specified. User 
configurations can be added, deleted, or modified by using the Web interface. 

User Name 

This parameter is the user's real name as it is displayed in the user list and event 
log. It is not the name used to log in. The maximum length of the user name is 
39 characters. 

Login Name 



This is a case-sensitive name that the user must provide to log in to iLO. 
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Password 

This is a case-sensitive password that the user must provide to log in to iLO. In 
Security Options, the minimum password length can be assigned. The minimum 
password can be from 0 to 39 characters. The default minimum password length 
is eight characters. You must enter the password twice for verification. 

Administer User Accounts 

This privilege allows a user to add, modify, and delete user accounts. It also 
allows the user to alter privileges for all users, including granting all permissions 
to a user. 

Remote Console Access 

This privilege allows a user to remotely manage the Remote Console of a 
managed system, including video, keyboard, and mouse controls. 

Virtual Power and Reset 

This privilege allows a user to power-cycle or reset the host platform. 

Virtual Media 

This privilege allows a user to use virtual media on the host platform. 

Configure iLO Settings 

This privilege enables a user to configure most iLO settings, including security 
settings. It does not include user account administration. 

After iLO is correctly configured, revoking this privilege from all users prevents 
reconfiguration. A user with the Administer User Accounts privilege can enable 
or disable this privilege. iLO can also be reconfigured if iLO RBSU is enabled. 
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Global Settings Parameters 

The Global Settings section enables you to define the overall security level for 
iLO. These settings are applied globally, regardless of the individual user 
settings. 

Idle Connection Timeout (Minutes) 

This option specifies the interval of user inactivity, in minutes, before the Web 
server and Remote Console session are automatically terminated. 

Enable Lights-Out Functionality 

This option allows connection to iLO. If disabled, all connections to iLO are 
prevented. The default setting is Yes. 

Enable iLO ROM-Based Setup Utility 

This option enables a user with access (physical or virtual) to the host to 
configure iLO for that system using the iLO RBSU. RBSU is invoked when the 
host system reboots and performs POST. The default setting is Yes. You can 
restrict RBSU access to authorized users using the Require Login for iLO 
RBSU setting. 

NOTE: If the physical security jumper is set, the RBSU prompt displays 
during reboot. 

Require Login for iLO RBSU 

This option specifies whether the user is required to provide a login name and 
password to access the iLO RBSU. The default setting is No. 



Integrated Lights-Out Parameters 215 



Remote Console Port Configuration 

This option enables or disables configuring of the port address. Setting this 
option to Enabled allows Telnet and Remote Console applet access. Setting this 
option to Disabled turns off both Telnet and Remote Console applet access. 
Remote Console Data Encryption must be set to No to use Telnet to access the 
text Remote Console. 

Remote Console Data Encryption 

This option enables encryption of Remote Console data. If using a standard 
Telnet client to access the iLO, this setting must be set to No. 

SSL Encryption Strength 

This option displays the current cipher strength setting. The most secure is 128- 
bit (High). 

Current Cipher 

This option displays the encryption algorithm currently being used to protect data 
during transmission between the browser and the iLO. 

Web Server Non-SSL Port 

The embedded Web server in iLO is configured by default to use port 80 for 
unencrypted communications. This port setting is configurable in the Global 
Settings option of the Administration tab. 

Web Server SSL Port 

The embedded Web server in iLO is configured by default to use port 443 for 
encrypted communications. This port setting is configurable in the Global 
Settings option of the Administration tab. 
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Virtual Media Port 

The Virtual Media support in iLO uses a configurable port for its 
communications. This port can be set in the Global Settings option of the 
Administration tab. The default setting is to use port 17988. 

Remote Console Port 

The iLO Remote Console is configured by default to use port 23 for Remote 
Console communications. This port setting is configurable in the Global Settings 
option of the Administration tab. 

Minimum Password Length 

This option specifies the minimum number of characters allowed when a user 
password is set or changed. The character length can be set at a value from 0 to 
39. The default setting is eight characters. 

Network Settings Parameters 

The following parameters provide information about the iLO network settings. 

Enable NIC 

This parameter enables the NIC to reflect the state of iLO. The default setting for 
the NIC is Yes, which is enabled. If DHCP is disabled, you must assign a static 
IP address to iLO. Assign the IP address using the iLO IP Address parameter 
described in this section. 

Transceiver Speed Autoselect 

Autoselect detects the interface speed and sets the interface to operate at 10 Mbps 
or 100 Mbps and at half or full duplex. If necessary, this parameter can be set to 
manual to allow manual adjustment of speed and duplex settings. 
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Speed 

Use this setting to assign 10-Mbps or 100-Mbps connect speeds if Transceiver 
Speed Autoselect is not enabled. 

Duplex 

Use this setting to assign half or full duplex to the NIC if Transceiver Speed 
Autoselect is not enabled. 

DNS/DHCP 

iLO comes preset from HP with DNS/DHCP enabled. To disable DHCP, you 
must use the iLO RBSU. 

NOTE: If you disable DHCP, you will have to manually set up the IP 
address and the subnet mask using the iLO RBSU. 

If DHCP is enabled, the following settings are also enabled: 

• Use DHCP Supplied Gateway 

• Use DHCP Supplied DNS Servers 

• Use DHCP Supplied WINS Servers 

• Use DHCP Supplied Static Routes 

• Use DHCP Supplied DNS Name 

If DHCP has been disabled, these settings may have to be assigned. 

Registering with WINS Server 

iLO automatically registers with a WINS server. The default setting is Yes. By 
default, WINS server addresses are assigned by DHCP. 
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Registering with DNS Server 

iLO automatically registers with a DNS server. The default setting is Yes. By 
default, DNS server addresses are assigned by DHCP. 

Ping Gateway on Startup 

This option causes iLO to send four ICMP echo request packets to the gateway 
when iLO initializes. This option ensures that the ARP cache entry for iLO is 
current on the router responsible for routing packets to and from iLO. 

iLO IP Address 

Use this parameter to assign a static IP address to iLO on your network. By 
default, the IP address is assigned by DHCP. 

iLO Subnet Mask 

Use the subnet mask parameter to assign the subnet mask for the default 
gateway. By default, the subnet mask is assigned by DHCP. 

iLO Gateway IP Address 

Use the gateway parameter to assign the IP address of the network router that 
connects the iLO subnet to another subnet where the management console 
resides. The default gateway is assigned by DHCP. 

iLO Subsystem Name 

iLO comes preset with a DNS/WINS name. The DNS/WINS name is "iLO" plus 
the serial number of the server. This name also is displayed on the tag attached to 
the bracket of iLO. You can change this value. 
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Domain Name 

Enter the name of the domain that iLO will participate in. By default, the domain 
name is assigned by DHCP. 

DHCP Server 

This setting is automatically detected if DHCP is set to Yes. You cannot change 
this setting. 

Primary, Secondary, and Tertiary DNS Server 

Use this parameter to assign a unique DNS server IP address on the network. By 
default, the primary, secondary, and tertiary DNS servers are assigned by DHCP. 

Primary and Secondary WINS Server 

Use this parameter to assign a unique WINS server IP address on the network. 
By default, the primary and secondary WINS servers are assigned by DHCP. 

Static Route #1,#2, #3 

Use this parameter to assign a unique static route destination and gateway 

IP address pair on the network. Up to three static route pairs can be assigned. By 

default, the static routes are assigned by DHCP. 

Directory Settings Parameters 

The following parameters provide information about the Directory Settings. 

Directory Authentication 

This parameter enables or disables directory authentication. If directory support 
is properly configured, this enables user login to iLO using directory credentials. 
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Directory 



Server Address 



This parameter specifies the Directory Server DNS name or IP address. HP 
recommends using a DNS name or multi-host DNS name. If an IP address is 
used, the directory will not be available if that server is down. 



This option sets the port number used to connect to the directory server. The SSL 
secured LDAP port number is 636. 



This option specifies the unique name for the iLO in the directory. LOM Object 
Distinguished Names are limited to 256 characters. 



This parameter specifies the password for the iLO object to access the directory. 
LOM Object Passwords are limited to 39 characters. 

NOTE: At this time, the LOM Object Password field is not used. This 
field is to provide forward compatibility with future firmware releases. 



Directory User Context 1, Directory User Context 2, Directory 
User Context 3 



This parameter enables you to specify up to three searchable contexts used to 
locate the user when the user is trying to authenticate using the directory. 
Directory User Contexts are limited to 128 characters each. Directory User 
Contexts enable you to specify directory user containers that are automatically 
searched when an iLO login is attempted. This eliminates the requirement of 
entering a fully distinguished user name at the login screen. For example, the 
search context, "ou=lights out devices,o=corp" would allow the user 
"cn=manager,ou=lights out de vices, o=corp" to login to iLO using just 
"manager." Active Directory allows an additional search context format, 
"©hostname" for example, "@directory.corp." 



Directory 



Server LDAP Port 



LOM Object Distinguished Name 



LOM Object Password 
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Testing Directory Settings 

After updating the directory settings, click the Apply Settings button to store the 
settings. When the Test Settings button is enabled, you can validate the current 
directory settings. To test these settings: 

1. Be sure the Enable Directory Authentication setting is enabled. 

2. Click the Test Settings button. 

3. Enter the fully distinguished name and password of the user used to add iLO 
to the directory server in the Directory Administrator Distinguished Name 
and Directory Administrator Password fields. 

4. Enter the credentials of an expected directory-based iLO User account in the 
Test User Name and Test User Password fields. 

5. Click the Start Test button. 

A series of tests will begin, and the page will automatically refresh as the tests 
progress. View the test status to diagnose the results, and consult the help page 
for specific test result details. The test results are cleared if any directory settings 
are changed, if iLO is reset, or if the tests are restarted. 



SNMP/lnsight Manager Settings Parameters 

iLO supports SNMP settings on a device level. These parameters are not 
designated on a per-user basis but are specific to iLO. 



SNMP Alert Destinations 

Enter the IP address of the remote management PC that will receive SNMP trap 
alerts from iLO. Up to three IP addresses can be designated to receive SNMP 
alerts. 
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Enable iLO SNMP Alerts 

These alert conditions are detected by iLO and are independent of the host server 
operating system. These alerts can be Insight Manager SNMP traps. These alerts 
include major events, such as remote server power outages or server resets. They 
also include iLO events, such as security disabled or failed login attempt. iLO 
forwards the alerts to an Insight Manager 7 console using the destinations 
provided. The default setting is Yes. 



Forward Insight Manager Agent SNMP Alerts 

These alerts are generated by the Insight Management agents, which are provided 
for each supported network operating system. The agents must be installed on the 
host server to receive these alerts. These alerts are sent to Insight Manager 7 
clients on the network and are forwarded asynchronously by iLO to the IP 
addresses that have been configured to receive them. The default setting is Yes. 



Insight Manager Web Agent URL 

The Insight Manager Web Agent URL option enables you to enter the IP address 
or the DNS name of the host server on which the Insight Manager Web Agents 
are running. Entering this data in the field provided enables iLO to create a link 
from the iLO Web pages to the pages of the Web Agent. 



Level of Data Returned 

The Level of Data Returned option regulates how much data is returned to an 
anonymous request for iLO information from Insight Manager 7. All settings, 
except the None Data Level, provide sufficient data to allow integration with 
Insight Manager 7. The Medium and High settings enable Insight Manager 7 to 
associate the management processor with the host server. The None Data Level 
prevents iLO from responding to the Insight Manager 7 requests. The default 
setting is Medium. 
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ProLiant BL p-Class Parameters 

The following parameters provide information about the ProLiant BL p-Class 
settings. 

Rack Name 

The rack name is used to logically group together the components that comprise 
a single rack. When changed, the rack name is communicated to all other 
components connected in a rack. The name is used when logging and alerting to 
assist in identifying the component. 

Enclosure Name 

The enclosure name is used to logically group together the server blades that 
comprise a single enclosure. When changed, the enclosure name is 
communicated to all other server blades connected in the same enclosure. The 
name is used when logging and alerting to assist in identifying the component. 

Bay Name 

The bay name is used when logging and alerting to assist in identifying a 
component or its function. 

Bay 

The ProLiant BL p-Class enclosure can support one to eight server blades. The 
bays are numbered from left to right starting with 1 and finishing with 8. The bay 
number is used to assist in physically identifying the faulty server blade or other 
error conditions. This information is for viewing only. 
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Rack Serial Number 

The rack serial number identifies the components in the rack as a logical 
grouping. The serial number is determined during power-up of the various 
components to create a unique rack serial number. Switching components (server 
blade enclosure or power supplies) alters the rack serial number. 

Enclosure Serial Number 

The enclosure serial number identifies the particular server blade enclosure in 
which a server blade resides. 

Blade Serial Number 

The blade serial number identifies the serial number for the server blade product. 

Power Source 

The server blade enclosure can be installed in a rack by using one of two 
configurations: 

• The server blade power supplies can be used to convert normal AC facility 
power to 48 V DC to power the rack. In this configuration, select the power 
source as Rack Provides Power. This setting allows each server blade, 
enclosure, and power supply to communicate power requirements to ensure 
proper power consumption without risking power failures. 

• If the facility can provide 48 V DC power directly, without the need for the 
provided power supplies, then select Facility Provides 48V. Each server 
blade will not be required to communicate with the infrastructure for power 
when powering on or off. 



NOTE: It is essential that proper power sizing requirements be 
performed to ensure sufficient power for all the server blades and other 
components of the rack. 
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Enable Automatic Power On 

Each server blade can be configured to automatically power on when inserted 
into the enclosure. Depending on the Power Source setting, the server blade 
communicates with the rack to determine if enough power is available to power 
on. If the power is available, then the server blade automatically powers on and 
begins the normal server booting process. 

iLO Advanced License Activation Settings 

The following parameter provides information about the licensing of the iLO 
Advanced Features. 

iLO Advanced Pack License Key 

The iLO Advanced Pack License Key option is used to enable the iLO Advanced 
Features including Graphical Remote Console, virtual media (floppy and 
CD_ROM), and directory support . Enter the 25-character key in this field to 
enable the features. 
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iLO has the following minimum requirements: 

• Windows® clients 

- Windows® 2000 

- Microsoft® Internet Explorer 5.5 with SP2 with 128-bit encryption 

- Java 1 . 3 . 1 JVM or later 

• Linux clients 

- Red Hat 7.3 

- Netscape 7.x or Mozilla 1.2. 1 with 128-bit encryption 

- Java 1 .4. 1 JVM or later 

To download the recommended JVM for your system configuration, refer to the 
HP website ( http ://w w w . hp. com/servers/manage/j vm ) . 

NOTE: You will be redirected from the main site to the java.sun.com 
site. HP recommends using the version specified in the Remote 
Console help pages. You can obtain the specified version for Internet 
Explorer either from the java.sun site or on the Management CD. 



In This Section 



Minimum Requirements 

Troubleshooting Alert and Trap Problems ... 

iLO POST LED Indicators 

Hardware and Software Link-Related Issues 
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Troubleshooting Alert and Trap Problems 



Alert 


Explanation 


Test Trap 


This trap is generated by a user through the Web configuration page. 


Qprwpr Pnwpr Outanp 


Sprvpr has lost nowpr 


Server Reset 


Server has been reset. 


Failed Login Attempt 


Remote user login attempt failed. 


General Error 


This is an error condition that is not predefined by the hard coded MIB. 


Logs 


Circular log has been overrun. 


Security Override Switch 
Changed: On/Off 


The state of the Security Override Switch has changed (On/Off). 


Rack Server Power On 
Failed 


The server was unable to power on because the BL p-Class rack 
indicated that insufficient power was available to power on the server. 


Rack Server Power On 
Manual Override 


The server was manually forced by the customer to power on despite 
the BL p-Class reporting insufficient power. 


Rack Name Changed 


The name of the ProLiant BL p-Class rack was changed. 



Inability to Receive Insight Manager 7 Alarms (SNMP Traps) 
from iLO 

A user with the Configure iLO Settings privilege must connect to iLO to 
configure SNMP trap parameters. When connected to iLO, be sure that the 
correct alert types and trap destinations are enabled in the SNMP/Insight 
Manager Settings screen of the iLO console application. 

iLO Security Override Switch 

The iLO Security Override Switch allows emergency access to the administrator 
with physical control over the server system board. Setting the iLO Security 
Override Switch allows login access, with all privileges, without a user ID and 
password. 
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The iLO Security Override Switch is located inside the server and cannot be 
accessed without opening the server enclosure. To set the iLO Security Override 
Switch, the server must be powered off and disconnected from the power source. 
Set the switch and then power on the server. Reverse the procedure to clear the 
iLO Security Override Switch. 

A warning message is displayed on the iLO Web pages, indicating that the iLO 
Security Override Switch is currently in use. An iLO log entry is added recording 
the use of the iLO Security Override Switch. An SNMP alert may also be sent 
upon setting or clearing the iLO Security Override Switch. 

In the unlikely event that it is necessary, setting the iLO Security Override 
Switch also enables you to flash the iLO boot block. The boot block is exposed 
until iLO is reset. HP recommends that you disconnect iLO from the network 
until the reset is complete. 

Depending on the server, the iLO Security Override Switch may be a single 
jumper or it may be a specific switch position on a dip switch panel. To access 
the iLO Security Override Switch, refer to the server documentation. 

iLO POST LED Indicators 

During the initial boot of iLO, the POST LED indicators flash to display the 
progress through the iLO boot process. After the boot process is complete, the 
heartbeat (HB) LED flashes every second. LED 7 also flashes intermittently 
during normal operation. 

The LED indicators (1 through 6) light up after the system has booted to indicate 
a hardware failure. If a hardware failure is detected, reset iLO. For the location of 
the LED indicators, refer to the server documentation. 

A runtime failure of iLO is indicated by HB and LED 7 remaining in either the 
On of Off state constantly. A runtime failure of iLO may also be indicated by a 
repeated flashing pattern on all eight LEDs. If a runtime error occurs, reset iLO. 

The LED indicators have the following assignments: 
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HB 


7 


6 


5 


4 


3 


2 


1 



LED Indicators 


POST Code 

(Activity 

Completed) 


Description 


Failure Indicates 


None 


00 


Set up chip selects. 




1 or 2 


02 — Normal 
operation 


Determine platform. 




2 and 1 


03 


Set RUNMAP bit. 




3 


04 


Initialize SDRAM controller. 




3 and 2 


06 


Activate the 1 cache. 




3, 2, and 1 


07 


Initialize (only) the D 
cache. 




4 


08 


Copy secondary loader to 
RAM. 


Could not copy secondary 
loader. 


4 and 1 


09 


Verify secondary loader. 


Did not execute 
secondary loader. 


4 and 2 


0a 


Begin secondary loader. 


SDRAM memory test 
failed. 


4, 2, and 1 


0b 


Copy ROM to RAM. 


Could not copy boot 
block. 


4 and 3 


0c 


Verify ROM image in RAM. 


Boot block failed to 
execute. 


4, 3, and 1 


Od 


Boot Block Main started. 


Boot block could not find a 
valid image. 


None 




Start C Run time 
initialization. 




4, 3, and 2 


Oe 


Main() has received 
control. 


Main self-test failed. 


Varies 


Varies 


Each subsystem may self- 
test. 




4, 3, 2, and 1 


Of 


Start ThreadX. 


RTOS startup failed. 


None 


00 


Main_init() completed. 


Subsystem startup failed. 
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LED Indicators 


POST Code 

(Activity 

Completed) 


Description 


Failure Indicates 


HB and 7 




Blinks as the iLO processor 
executes firmware code. It 
does not change the value 
of the lower six LEDs. 





The iLO microprocessor firmware includes code that makes consistency checks. 
If any of these checks fail, the microprocessor executes the FEH. The FEH 
presents information using the iLO POST LED indicators. The FEH codes are 
distinguished by the alternating flashing pattern of the number 99 plus the 
remainder of the error code. 



FEH Code 


Consistency Check 


Explanation 


9902 


TXAPICHK 


An RTOS function was called with an 
inappropriate value, or was called from an 
inappropriate caller. 


9903 


TXCONTEXT 


The saved context of one or more threads has 
been corrupted. 


9905 


TRAP 


A stack probe failed, return address is invalid, or 
illegal trap instruction has been detected. 


9966 


NMIWR 


An unexpected write to low memory has occurred. 


99C1 


CHKNULL 


The reset vector has been modified. 



Hardware and Software Link-Related Issues 

The following sections discuss items to be aware of when attempting to resolve 
hardware or software link-related issues. 

Hardware 



iLO uses standard Ethernet cabling, which includes CAT5 UTP with RJ-45 
connectors. Straight-through cabling is necessary for a hardware link to a 
standard Ethernet hub. Use a crossover cable for a direct PC connection. 
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Software 

The iLO Management Port must be connected to a network that is connected to a 
DHCP server, and iLO must be on the network before power is applied. DHCP 
sends a request soon after power is applied. If the DHCP request is not answered 
when iLO first boots, then it will reissue the request at 90-second intervals. 

The DHCP server must be configured to supply DNS and WINS name 
resolution. iLO can be configured to work with a static IP address either in the F8 
option ROM setup or from the Network Settings Web page. 

The default DNS name appears on the network settings tag and can be used to 
locate iLO without knowing the assigned IP address. 

If a direct connection to a PC is used, then a static IP address must be used 
because there is no DHCP server on the link. 

Within the iLO RBSU, you may press the Fl key inside the DNS/DHCP page 
for advanced options to view the status of iLO DHCP requests. 

Login Issues 

Use the following information when attempting to resolve login issues: 

• The default login is on the network settings tag. 

• If you forget your password, an administrator with the Administer User 
Accounts privilege can reset it for you. 

• If an administrator forgets his or her password, the administrator must use 
the Security Override Switch. 

• Check for standard problems, such as: 

- Is the password complying with password restrictions? For example, are 
there case-sensitive characters in the password? 

- Is an unsupported browser being used? 
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Login Name and Password Not Accepted 

If you have connected to iLO but it does not accept your login name and 
password, you must verify that your login information is configured correctly. 
Have a user who has the Administer User Accounts privilege log in and change 
your password. If you are still unable to connect, have the user log in again and 
delete and re-add your user account. 

NOTE: The RBSU can also be used to correct login problems. 
Inability to Access the Login Page 

If you cannot access the login page, you must verify the SSL encryption level of 
your browser and iLO. The browser and iLO encryption levels must be 
consistent. 

HP recommends that you use the 128-bit high encryption pack. 
Inability to Access iLO Using Telnet 

If you cannot access iLO using Telnet, you must verify the Remote Console Port 
Configuration and Remote Console Data Encryption on the Global Settings 
screen. If Remote Console Port Configuration is set to Automatic, the Remote 
Console applet enables port 23, starts a session, and then closes port 23 when the 
session is completed. Telnet cannot automatically enable port 23, so it fails. For 
more information on Telnet settings, refer to the "Telnet Support (on page 83)" 
section. 

Proxy Server Issues 

If the Web browser software is configured to use a proxy server, it will not 
connect to the iLO IP address. To resolve this issue, configure the browser not to 
use the proxy server for the IP address of iLO. For example, in Internet Explorer, 
select Tools, Internet Options, Connections, LAN Settings, Advanced, and 
then enter the iLO IP address or DNS name in the Exceptions field. 



234 Integrated Lights-Out User Guide 



Firewall Issues 

iLO communicates through several configurable TCP/IP ports. If these ports are 
blocked, the administrator must configure the firewall to allow for 
communications on these ports. Refer to the Global Settings option in the 
Administration tab to view or change port configurations. 

Inability to Access Virtual Media or Graphical Remote Console 

Virtual media and graphical Remote Console are only enabled by licensing the 
optional iLO Advanced Pack. A message is displayed to inform the user that the 
features are not available without a license. Although up to 10 users are allowed 
to log into iLO, only one user can access the remote console. A warning message 
is displayed to say that the Remote Console is already in use. 

Resetting Integrated Lights-Out 

In rare instances, it might be necessary to reset iLO; for example, if iLO is not 
responding to the browser. To reset iLO, you must power down the server and 
disconnect the power supplies completely. 

iLO may reset itself in certain instances. For example, an internal iLO watchdog 
timer resets if the firmware detects an iLO problem. If a firmware upgrade is 
completed or a network setting is changed, iLO also resets. 

The HP Management Agents 5.40 and later have the ability to reset iLO. To reset 
iLO, use the Reset iLO option on the HP Management Agent Web page under 
the iLO section. 

You can also manually force the iLO management processor to reset by clicking 
Apply on the Network Settings page. You do not need to change any parameters 
before clicking Apply. 

Troubleshooting Video and Monitor Problems 



The following sections discuss items to be aware of when attempting to resolve 
video and monitor issues. 
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General Guidelines 

• The client screen resolution must be greater than the screen resolution of the 
remote server. 

• The iLO Remote Console only supports the ATI Rage XL video chip that is 
integrated in the system. The Remote Console functionality of iLO does not 
work if you install a plug-in video card. All other iLO functionality is 
available if you choose to use a plug-in video card. 

• Only one user at a time is allowed to access the Remote Console. Check to 
see if another user is logged into iLO. 

Inability to Navigate the Single Cursor of the Remote Console to Corners of the 
Remote Console Window 

In some cases, you may be unable to navigate the mouse cursor to the corners of 
the Remote Console window. If so, right-click and drag the mouse cursor outside 
the Remote Console window and back inside. 

If the mouse still fails to operate correctly, or if this situation occurs frequently, 
verify that your mouse settings match those recommended in the "Optimizing 
Performance for Graphical Remote Console (on page 16)" section. 

Remote Console Text Window not Updating Properly 

When using the Remote Console to display text windows that scroll at a high rate 
of speed, the text window might not update properly. This error is caused by 
video updates occurring quicker than the iLO firmware can detect and display 
them. Typically, only the upper left corner of the text window updates while the 
rest of the text window remains static. After the scrolling is complete, click 
Refresh to properly update the text window. 

One known example of this issue is during the Linux booting and posting 
process, in which some of the POST messages can be lost. A possible 
repercussion is that a keyboard response will be requested by the boot process 
and will be missed. To avoid this issue, the booting and posting process should 
be slowed down by editing the Linux startup script to allow more time for 
keyboard responses. 



236 Integrated Lights-Out User Guide 



Telnet Displays Incorrectly in DOS 

When using the iLO Telnet session to display text screens involving a maximized 
DOS window, the telnet session is unable to represent anything except the upper 
portion of the screen if the server screen is larger than 80x25. 

To correct this adjust the DOS® windows properties to limit its size to 80x25, 
before maximizing the DOS window. 

• On the title bar of the DOS® window, right click the mouse and select 
Properties and select Layout. 

• On the Layout tab, change the Screen Buffer Size height to 25. 

Video Applications not Displaying in the Remote Console 

Some video applications, such as Microsoft® Media Player, will not display, or 
will display incorrectly, in the Remote Console. This problem is most often seen 
with applications that use video overlay registers. Typically, applications that 
stream video use the video overlay registers. iLO is not intended for use with this 
type of application. 



Troubleshooting Miscellaneous Problems 

The following sections discuss troubleshooting miscellaneous hardware or 
software issues. 

Remote Console Mouse Control Issue 

While using Remote Console on a server running Microsoft® Windows® Server 
2003, mouse movement can be very slow and it might be difficult to navigate to 
each of the four corners of the screen. When trying to reach a far corner of the 
screen, the mouse can disappear completely. 

NOTE: This mouse behavior is more pronounced when the Remote 
Console session is running in a browser applet window that is smaller 
than the size of the server screen, and scrolling is required to see the 
full contents of the screen, which are not displayed. 

To resolve this issue, change the following settings: 
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1. Click Start, Control Panel, Mouse Properties from the Windows® Server 
2003 desktop applet. 

2. Disable the Enhance pointer precision parameter. 
Emulating a PS/2 Keyboard in a Headless Server Environment 

iLO will emulate a PS/2 keyboard in a headless server environment. When iLO 
detects that the server is going through POST, iLO scans for a PS/2 keyboard. If 
no local PS/2 keyboard is detected, iLO will be the PS/2 keyboard for the server. 

A consequence of only scanning for a PS/2 keyboard at server POST time is that 
iLO will not implement hot-plug PS/2 keyboard functionality. If a user plugs in a 
PS/2 keyboard after the server POST, the keyboard will not be detected and will 
not work. If a user unplugs the PS/2 keyboard after the server has gone through 
POST, but before the operating system loads, the operating system will be unable 
to accept keystrokes from the Remote Console. The server must be rebooted to 
force iLO to rescan for a PS/2 keyboard. 

iLO RBSU Unavailable after iLO and Server Reset 

If the iLO processor is reset and the server is immediately reset, there is a small 
chance that the iLO firmware will not be fully initialized when the server 
performs its initialization and attempts to invoke the iLO RBSU. In this case, the 
iLO RBSU will be unavailable or the iLO Option ROM code will be skipped 
altogether. If this happens, reset the server a second time. To avoid this issue, 
wait a few seconds before resetting the server after resetting the iLO processor. 

Inability to Connect to the iLO Processor through the NIC 

If you cannot connect to the iLO processor through the NIC, try any or all of the 
following troubleshooting methods: 

• Confirm that the green LED indicator (link status) on the iLO RJ-45 
connector is on. This indicates a good connection between the PCI NIC and 
the network hub. 

• Look for intermittent flashes of the green LED indicator, which indicates 
normal network traffic. 

• Run the iLO RBSU to confirm that the NIC is enabled and verify the 
assigned IP address and subnet mask. 
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• Run the iLO RBSU and use the Fl - Advanced tab inside of the 
DNS/DHCP page to see the status of DHCP requests. 

• Ping the IP address of the NIC from a separate network workstation. 

• Attempt to connect with browser software by typing the IP address of the 
NIC as the URL. You can see the iLO Home page from this address. 

• Reset iLO. 

NOTE: If a network connection is established, you may have to wait up 
to 90 seconds for the DHCP server request. 

ProLiant BL p-Class servers have a diagnostic port available. Connecting a live 
network cable to the diagnostic port will cause iLO to automatically switch from 
the iLO port to the diagnostic port. When switching between the diagnostic and 
back ports, you must allow one minute for the network switchover to be 
complete before attempting connection through the Web browser. 

Inability to Connect to the iLO Diagnostic Port 

If you cannot connect to the iLO Diagnostic Port through the NIC, be aware of 
the following: 

• The use of the diagnostic port is automatically sensed when an active 
network cable is plugged into it. When switching between the diagnostic and 
back ports, you must allow one minute for the network switchover to be 
complete before attempting connection through the Web browser. 

• If a critical activity is in progress, the diagnostic port cannot be used until the 
critical activity is complete. Critical activities include: 

- Firmware upgrade 

- Remote Console session 

- SSL initialization 

• If you are using a client workstation that contains more than one enabled 
NIC, such as a wireless card and a network card, a routing issue may prevent 
you from accessing the diagnostic port. To resolve this issue: 

1 . Have only one active NIC on the client workstation. For example, disable the 
wireless network card. 
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2. Configure the IP address of the client workstation network to match the iLO 
Diagnostic Port network. 

a. The IP address setting should be 192.168.1 Jf, where Xis any number 
other than 1 , because the IP address of the diagnostic port is set at 
192.168.1.1. 

b. The subnet mask setting should be 255.255.255.0. 
Inability to Get SNMP Information from Insight Manager 7 

The agents running on the managed server supply SNMP information to Insight 
Manager 7. For agents to pass information through iLO, the iLO device drivers 
must be installed. Refer to the "Installing iLO Device Drivers" section for 
installation instructions. 

If you have installed the drivers and agents for iLO, verify that iLO and the 
management PC are on the same subnet. You can verify this quickly by pinging 
iLO from the management PC. See your network administrator for proper routes 
to access the network interface of iLO. 

Inability to Connect to iLO after Changing Network Settings 

Verify that both sides of the connection, the NIC and the switch, have the same 
settings for transceiver speed autoselect, speed, and duplex. For example, if one 
side is autoselecting the connection, then the other side should as well. The 
settings for the iLO NIC are controlled in the Network Settings screen. 

Incorrect Time or Date of the Entries in the Event Log 

You can update the time and date on iLO by running the RBSU. This utility 
automatically sets the time and date on the processor using the server time and 
date. The time and date are also updated by Insight Management agents on 
supported network operating systems. 

Inability to Upgrade iLO Firmware 

If you attempt to upgrade the iLO firmware and it does not respond, does not 
accept the firmware upgrade, or is terminated before a successful upgrade, the 
following options are available: 
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• iLO network flash recovery 

• ROMPaq 

iLO Network Flash Recovery 

The iLO network flash recovery payload enables you to recover from a failed 
firmware upgrade. The flash recovery payload uses FTP, which can only be used 
when the flash recovery payload is active, to transfer the firmware image to iLO. 
The flash recovery payload should only be used if: 

• Previous firmware upgrade attempts have failed. 

• You are unable to connect to the Web browser. 

• There is no other firmware upgrade option available. Servers with a floppy 
drive can use the ROMPaq option. ProLiant BL p-Class servers must use the 
flash recovery payload. 

If the iLO firmware image is damaged, missing, or otherwise corrupted, then the 
iLO flash recovery process is used to re-flash iLO. The flash recovery process is 
for the sole purpose of getting the system re-flashed. No other processes can be 
run until the recovery process is complete. 

Diagnostic Steps 

Before attempting a flash recovery of the firmware, use the following diagnostic 
steps to verify that flash recovery is needed: 

1 . Attempt to connect to iLO through the Web browser. If you are unable to 
connect, then there is a communication problem. 

2. Attempt to ping iLO. If you are successful, then the network is working. 

3. Attempt to open an FTP session to the IP address or DNS name of iLO. If 
you are successful, then the flash recovery payload is active and it is 
necessary to upgrade the firmware using the flash recovery process. 

4. If you cannot open an FTP session, then the system is not in recovery mode. 
Attempt to reset iLO using the steps in the "Resetting iLO ("Resetting 
Integrated Lights-Out" on page 234)" section. 
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Flash Recovery Process 

If you have verified that the flash recovery process is necessary through the 
diagnostic steps: 

1. Open an FTP session to the IP address or DNS name of iLO. 

2. Log in to iLO using a fixed user name of flash and a password of recovery. 
The user name and password are case sensitive. 

3. At the FTP prompt, enter the put command and the file name of the 
firmware image. 

The following is an example of the entries used for the flash recovery process: 

ftp 192.168.177.142 
login: flash 
password: recovery 
put \iLO140.bin 

• If the file is found, then the put command transfers the file to iLO, the image 
is validated, and the flashing process begins. 

• If the file is not found, then some versions of the put command will not 
report an error message. 

• If the directory path includes spaces, enclose the path and file name in 
quotes. 

After the firmware image is transferred, the recovery payload calculates the 
checksum, validates the digital signature, and reports if the image is valid. The 
flash reprogramming begins if the image is valid and flashing progress is then 
reported to the client. 

NOTE: This process will take a few seconds while the recovery payload 
decrypts the stored hash and computes a hash for the image to 
compare against. If the image is valid, the FTP server begins 
programming the image into the flash part and providing status updates. 

When completed, the flash recovery payload module disconnects and reboots the 
iLO processor. If the flash recovery process is unsuccessful, attempt the process 
again, while you view the progress for any errors. It might be necessary to use a 
different firmware image for the process. 
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ROMPaq 

Using ROMPaq to upgrade the iLO firmware involves two procedures: The first 
can be performed on any computer, and the second must be performed on the 
iLO host server. 

1 . Complete this procedure on any computer: 

a. Download the latest iLO firmware SoftPaq. Select the SoftPaq image for 
diskettes and save it to the hard drive. The SoftPaq can be downloaded at 
HP website ( http://www.hp.com/servers/lights-out ). 

b. Execute the SoftPaq to create diskettes. 

2. Complete this procedure only on the iLO host server: 

a. Boot the system from the ROMPaq diskette. 

b. From the A:\ prompt, enter 

rompaq 

c. Press the Enter key at the ROMPaq welcome screen. A screen displays 
the devices in your computer that can be upgraded. 

d. Use the cursors to select iLO Management and press the Enter key. A 
screen displays the firmware images that ROMPaq can install. 

e. Use the cursors to highlight the appropriate image and press the Enter 
key. 

f. Press the Enter key again. ROMPaq reads the firmware image. If you 
are prompted to enter additional diskettes because you copied files to 
more than one diskette, put in the appropriate diskette and press the 
Enter key. 

g. Press the Enter key again to begin reprogramming the ROM. Do not 
power cycle, reboot, or turn off the system while this process is taking 
place. 

h. After you receive a message that the flash programming has completed 
successfully, press the Enter key. 

i. Press the Enter key to reprogram another device, or press the Esc key to 
return to the A:\ prompt. 



Troubleshooting Integrated Lights-Out 243 



NOTE: It might be necessary to set the Security Override Switch to 
perform the ROMPaq upgrade. The ROMPaq program informs you if 
the Security Override Switch needs to be set. 

iLO Management Port not Accessible by Name 

The iLO Management Port can use either a WINS server or a Dynamic DNS 
(DDNS) server to provide the name-to-IP address resolution necessary to access 
the iLO Management Port by name. The WINS or DDNS server must be up and 
running before the iLO Management Port is powered on, and the iLO 
Management Port must have a valid route to the WINS or DDNS server. 

In addition, the iLO Management Port must be configured with the IP address of 
the WINS or DDNS server. Use DHCP to configure the DHCP server with the 
necessary IP addresses. You can also enter the IP addresses through RBSU or the 
Network Settings option on the Administration tab. 

The iLO Management Port must be configured to register with either a WINS 
server or a DDNS server. These options are turned on as factory defaults and can 
be changed through RBSU or the Network Settings option on the 
Administration tab. 

The clients used to access the iLO Management Port must be configured to use 
either the same WINS server with which the iLO Management Port was 
registered, or the same DDNS server where the IP address of the iLO 
Management Port was registered. 

If you are using a WINS server and a nondynamic DNS server, the access to the 
iLO Management Port may be significantly faster if you configure the DNS 
server to use the WINS server for name resolution. Refer to the appropriate 
Microsoft® documentation for more information. 



244 Integrated Lights-Out User Guide 



Event Log Entries 



Event Log Display 


Event Log Explanation 


Server power failed 


Displays when the server power fails. 


Browser login: IP address 


Displays the IP address for the browser that 
logged in. 


Server power restored 


Displays when the server power is restored. 


Browser logout: IP address 


Displays the IP address for the browser that 
logged out. 


Server reset 


Displays when the server is reset. 


Failed Browser login - IP Address: IP address 


Displays when a browser login fails. 


iLO Self Test Error: # 


Displays when iLO has failed an internal test. The 
probable cause is that a critical component has 
failed. Further use of iLO on this server is not 
recommended. 


iLO reset 


Displays when iLO is reset. 


On-board clock set; was #:#:#:#:#:# 


Displays when the onboard clock is set. 


Server logged critical error(s) 


Displays when the server logs critical errors. 


Event log cleared by: User 


Displays when a user clears the event log. 


iLO reset to factory defaults 


Displays when iLO is reset to the default settings. 


iLO ROM upgrade to # 


Displays when the ROM has been upgraded. 


iLO reset for ROM upgrade 


Displays when iLO is reset for the ROM upgrade. 


iLO reset by user diagnostics 


Displays when iLO is reset by user diagnostics. 


Power restored to iLO 


Displays when the power is restored to iLO. 


iLO reset by watchdog 


Displays when an error has occurred in iLO and 
iLO has reset itself. If this problem persists, call 
customer support. 


iLO reset by host 


Displays when the server resets iLO. 


Recoverable iLO error, code # 


Displays when a non-critical error has occurred in 
iLO and iLO has reset itself. If this problem 
persists, call customer support. 


SNMP trap delivery failure: IP address 


Displays when the SMNP trap does not connect to 
the specified IP address. 
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Event Log Display 


Event Log Explanation 


Tp^t SNMP tran alprt failpd for - IP address 

1 UOl \J 1 M 1 V 1 1 LI Cl^J ClIC 1 I 1 1 1 t»VJ IUI ■ // UUUI t7vJvJ 


Disnlav^ when thp SNMP tran dnps not rnnnprt tn 

1 — / 1 0 U 1 CL V O VV 1 1 I—/ II L 1 1 \j \m/ 1 *J 1 V 1 1 LI C-4. kv U UCxO 1 1 w L \j w 1 II 1^/vL LU 

the specified IP address. 


Pnwpr nutanp SNMP tran alprt failpd for - IP 

1 lJVVt/1 VJU lUU V V_J 1 N 1 VI 1 IIUU 1 Cv 1 I ICll 1 w IUI ■ II 

address 


Di^nlav^ whpn thp SNMP tran dnp^ not rnnnprt tn 

1— / loUIClyO V V 1 Id 1 Lilt/ Wl "1 1 VI 1 11 CLk/ Uul/O 1 Ivl w W 1 II IUvL IV 

the specified IP address. 


fiprvpr rpc;pt SNMP tran alprt failpd for - /P 

wCI VCI 1 CoCL vJIIIVir L 1 CI [J CI 1 CI L 1 CI II CU IUI . II 

address 


Di^nlav^ whpn thp SNMP tran dnpci nnt rnnnprt tn 

LJ lo[J 1 CI y o VV 1 Id 1 11 IO Ol N Ivl F L 1 CILJ UUuO llvJL UUI II ICVyl Lv 

the specified IP address. 


lllpnal Innin RNMP tran alprt failpd for IP 
ac/c/ress 


Di^nlav^ whpn thp SNMP tran dnpci nnt rnnnprt tn 

LJ 1 0|J 1 Cly o VVI ICI 1 U IC vJI >l 1 VI 1 L 1 CI [J LJ CO 1 1 w L Lf*JI II 1 C UL Lv 

the specified IP address. 


Diannn^itir prror SNMP tran alprt failpd fnr IP 

1— / 1 CA y 1 IUOIIVj CI 1 Ul \J 1 M 1 V 1 1 LI CAyJ Cll V 1 L 1 1 1 w IUI ■ II 

address 


Di^nlav^ whpn thp SNMP tran dnp^ nnt rnnnprt tn 

1— / loUIClyO VVI ICI 1 LI IV Ul V. 1 VI 1 lICLk/ W VO 1 Ivl Vvl II ICVl IV 

the specified IP address. 


Host generated SNMP trap alert failed for: IP 
address 


Displays when the SNMP trap does not connect to 
the specified IP address. 


Network resource shortage SNMP trap alert 
failed for: IP address 


Displays when the SNMP trap does not connect to 
the specified IP address. 


iLO network link up 


Displays when the network is connected to iLO. 


iLO network link down 


Displays when the network is not connected 
to iLO. 


iLO Firmware upgrade started by: User 


Displays when a user starts a firmware upgrade. 


Host server reset by: User 


Displays when a user resets the host server. 


Host server powered OFF by: User 


Displays when a user powers off a host server. 


Host server powered ON by: User 


Displays when a user powers on a host server. 


Virtual Flnnnv in iisp hv IJ^er 

v li iucii I luuuy li I u o ' — "/ ■ — •jy^ t 


Disnlav^ whpn a uspr hpnins u^ino a Virtual 

L/ioLJiayij vvi 1 I I uou k^t^yn io moil lu ci v M luui 

Floppy. 


Remote Console login: User 


Displays when a user logs on a Remote Console 
session. 


Remote Console Closed 


Displays when a Remote Console session is 
closed. 


Failed Console login - IP Address: IP address 


Displays a failed console login and IP address. 


Added User: User 


Displays when a local user is added. 


User Deleted by: User 


Displays when a local user is deleted. 


Modified User: User 


Displays when a local user is modified. 
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Event Log Display 


Event Log Explanation 


Browser login: User 


Displays when a valid user logs on to iLO using an 
Internet browser. 


Browser logout: User 


Displays when a valid user logs off iLO using an 
Internet browser. 


Failprl Rrnw<spr Innin — IP Arirlrp^ - /P^nWrp^ 


Di^nlav^ whpn a hrnwc:pr Innin atfpmnt fail 6 ? 


Remote Console login: User 


Displays when an authorized user logs on using 
the Remote Console port. 


Remote Console Closed 


Displays when an authorized Remote Console 
user is logged out or when the Remote Console 
nnrt ic; Hn^pH fnllnwinn pi failpd Innin pittpmnt 

uui i i o v*i wogj^j i \J 1 1 \J vv 1 1 i y cx iqiicu iuuii i cx l lci i i vj i . 


Failed Console login - IP Address: IP address 


Displays when an unauthorized user has 
failed three login attempts using the 
Rpmntp Cnn^nlp nnrt 




Di^nlpvc: whpn p npw pntrv i^: marlp tn thp 

i_> louiu y o vv i i ci i a i icvv ci in y i o ii iauc iu l i ic 

authorized user list. 


User Deleted by: User 


Displays when an entry is removed from the 
authorized user list. The User section displays the 
user who requested the removal. 


Event Log Cleared: User 


Displays when the user clears the Event Log. 


Power Cycle (Reset): User 


Displays when the power has been reset. 


Virtual Power Event: User 


Displays when the Virtual Power Button is used. 


Security Override Switch Setting is On 


Displays when the system is booted with the 
Spruritv Ovprridp Switch ^pt tn On 


Security Override Switch Setting 
Channed to Off 


Displays when the system is booted with the 
fipruritv Ovprridp Switch rhannpd frnm On tn Off 


On-board clock set; was previously 
[NOT SET]" 


Displays when the on-board clock is set. Will 
display the previous time or "NOT SET" if there 
was not a time setting previously. 


Logs full SNMP trap alert failed for: IP address 


Displays when the logs are full and the SNMP trap 
alert failed for a specified IP address. 


Security disabled SNMP trap alert failed for: 
IP address 


Displays when the security has been disabled and 
the SNMP trap alert failed for a specified IP 
address. 
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Fvpnt Loci Disnlav 


Fvpnt Lno Fynlanatinn 


Security enabled SNMP trap alert failed for: IP 


Displays when the security has been enabled and 
thp SNMP tran alprt failpd for a snprifipd IP 

Lilt/ VJINIVII LI Clf_/ CA IV 1 1 1 CI 1 1 W-J IUI CL OUVvll 1 W-J II 

address. 


Virtual Floppy connected by User 


Displays when an authorized user connects the 
Virtual Floppy. 


Virtual Floppy disconnected by User 


Displays when an authorized user disconnects the 
Virtual Floppy. 


License added by: User 


Displays when an authorized user adds a license. 


1 irpn^p rpmovpd hv User 


Di^nlavs when an authori7Pd u^pr rpmovps a 
license. 


License activation error by: User 


Displays when there is an error activating the 
license. 


il_0 RBSU user login: User 


Displays when an authorized user logs in to 
iLO RBSU. 


Power on request received by: Type 


A power request was received as one of the 
following types: 

Power Button 

Wake On LAN 

Automatic Power On 


Virtual NMI splprtprl hv //sp/* 

V 1 [ LUCU INIVII OCICL/ICU l_/y . l/OCsf 


Di^nlav^ whpn an Piithori7pH n^pr ^plppte thp 

I / louiciyo v v I ic I I ail ciuli iui i£.cu uoci ociculo 11 I c 

Virtual NMI button. 


Virtual Sprial Port spssion started bv U^pr 


Disnlavs whpn a Virtual Sprial Port spssion is 

L/IOUIU V O VVI Ivl 1 CA V II LUUI V^Vvl 1 C* 1 1 w 1 1 iJVOOIUI 1 IO 

started. 


Virtual Serial Port session stopped by: User 


Displays when a Virtual Serial Port session is 
ended. 


Virtual Serial Port session login failure from: 
User 


Displays when there is a login failure for a Virtual 
Serial Port session. 



249 



Technical Support 



In This Section 



HP Contact Information 
Before You Contact HP 
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HP Contact Information 



For the name of the nearest HP authorized reseller: 

• In the United States, call 1-800-345-1518. 

• In Canada, call 1-800-263-5868. 

• In other locations, refer to the HP website ( http://www.hp.com ). 
For HP technical support: 

• In North America, call the HP Technical Support Phone Center at 1-800-652- 
6672. This service is available 24 hours a day, 7 days a week. For continuous 
quality improvement, calls may be recorded or monitored. 

• Outside North America, call the nearest HP Technical Support Phone Center. 
For telephone numbers for worldwide Technical Support Centers, refer to the 
HP website ( http://www.hp.com) . 



Be sure to have the following information available before you call HP: 

• Technical support registration number (if applicable) 

• Product serial number 

• Product model name and number 

• Applicable error messages 

• Add-on boards or hardware 



Before You Contact HP 
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• Third-party hardware or software 

• Operating system type and revision level 



Acronyms and Abbreviations 



ACPI 

Advanced Configuration and Power Interface 
ARP 

Address Resolution Protocol 
ASCII 

American Standard Code for Information Interchang 
CA 

certificate authority 
CR 

Certificate Request 
DHCP 

Dynamic Host Configuration Protocol 
DNS 

Domain Name System 
EMS 

Emergency Management Services 
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FEH 

fatal exception handler 
FSMO 

Flexible Single-Master Operation 
HB 

heartbeat 
ICMP 

Internet Control Message Protocol 
il_0 

Integrated Lights-Out 
I ML 

Integrated Management Log 
IP 

Internet Protocol 
LDAP 

Lightweight Directory Access Protocol 
LED 

light-emitting diode 
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LOM 

Lights-Out Management 
MMC 

Microsoft® Management Console 
NIC 

network interface controller 
NVRAM 

non- volatile memory 
POST 

Power-On Self-Test 
PSP 

ProLiant Support Pack 
RAS 

remote access service 
RBSU 

ROM-Based Setup Utility 
RIBCL 

Remote Insight Board Command Language 
RILOE 

Remote Insight Lights-Out Edition 
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RILOE II 

Remote Insight Lights-Out Edition II 
SNMP 

Simple Network Management Protocol 
SSL 

Secure Sockets Layer 
UID 

unit identification 
USB 

universal serial bus 
VM 

Virtual Machine 
VPN 

virtual private networking 
XML 

extensible markup language 



255 



Index 



A 

activation 225 

Active Directory 105 

ADDJJSER 157, 165 

additional information 249 

administration 63, 65, 68, 72, 74, 76, 77, 141, 

142, 212 
alert and trap problems 228 
alerts 87 

authorized reseller 249 

B 

batch processing 145 
BLp-Class 77,223 
Browser-Based Setup 15 

c 

CLEAR_EVENTLOG 192 

commands 150, 163, 164, 165, 168, 169, 171, 
173, 175, 176, 177, 179, 183, 185, 186, 188, 
189, 190, 192, 194, 195, 197, 198, 199, 200, 
201,202, 203,204, 205 

configuration options 13, 14, 15, 18 

connection overview 29, 30 

CPQLODOS 150, 152 

cursor modes 27 

D 

data protection methods 88 
data types 159 
DELETEJJSER 168 
device drivers, installing 19, 20, 21 
Device Queries 143 

Directory Services 99, 101, 105, 122, 219 
Directory Services for eDirectory 122 



Directory Services Objects 113, 128 
directory services settings 155 
Directory settings 135, 219, 220 

E 

eDirectory 122 

enabling 99 

error messages 159 

F 

features 99 

G 

GET_ALL_USERS 173 
GET_DIR_CONFIG 185 
GET_FIRMWARE_VERSION 194 
GET_GLOBAL_SETTINGS 188 
GET_HOST_POWER_STATUS 202 
GET_NETWORK_SETTINGS 177 
GET_TOPOLOGY 200 
GET_UID_STATUS 205 
GETJJSER 169 
global settings 68, 214 

H 

hardware troubleshooting 23 1 
HOTKEY_CONFIG 195 

I 

iLO Advanced Funtionality 15, 18, 50 
Insight Manager 7 85, 87, 88, 221 
Insight Manager 7 integration 89 

L 

LDAP 122 

LEDs 229 

LICENSE 197 

Lights-Out DOS Utility 149 



256 Integrated Lights-Out User Guide 



Lights-Out Management 1 2 1 , 1 34 
LOGIN 163 

M 

MOD_BLADE_RACK 199 
MOD_DIR_CONFIG 155, 186, 187 
MOD_GLOBAL_SETTINGS 189 
MOD_NETWORK_SETTINGS 152 
MOD_SNMP_IM_SETTINGS 190 

N 

NetWare server support 21 
network settings 65, 216 

o 

operational overview 30, 85, 149, 160 
optimizing performance 16 
overview, RIBCL 160 

P 

port matching 87 

preparation procedures 101, 105, 122 

Q 

queries 143 

query definition 143 

R 

RACKJNFO 198 
Remote Console 46, 49 
required information 249 
required software 101, 227 
RESET_RIB 177 
RESET_SERVER 204 
RIBJNFO 176 
RIBCL 159, 160 

ROM-Based Setup Utility (RBSU) 14 



s 

schema documentation 99 
schema installer 101 
scripts 160 

server identification 211 
SERVERJNFO 201 
SET_HOST_POWER 203 
settings 17,18,77,99 
Snap-In installer 104 
SNMP alerts 15 
software troubleshooting 231 
supported software 25, 26, 100 
system status 40,41,42,43 

T 

technical support 249 
telephone numbers 249 
Telnet 83 

u 

UID_CONTROL 205 

UPDATE_RIB_FIRMWARE 193 

usage model 28 

user access 35,39,40,138 

USER_INFO 164 

using virutal media 55 

V 

virtual devices 50, 51, 53, 55, 61, 62 

virtual indicators 62 

Virtual Media 53, 55, 58, 59, 60 

Virtual Power button 5 1 

Virtual Serial port 61 

w 

Windows server support 20 

X 



XML header 161 



Index 257 



XML, general guidelines 160 



